e2088515aea0131bd3944fbe4d60619630c3d7038eda08c40c0123af07842383

Analysis

max time kernel
146s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 04:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c4f15238051ea59867a5fe790a37d2b4.html
Size

432B
MD5

c4f15238051ea59867a5fe790a37d2b4
SHA1

3ba5caf637b5a6c8b23c297279e576fd6a184275
SHA256

e2088515aea0131bd3944fbe4d60619630c3d7038eda08c40c0123af07842383
SHA512

5b0fe88ffbb5bab5ca389181f96e742d3ec8918dc0f26636588612946d3e5c8f0da345799eff5e5e1d630b6d25780fa1e63e05ab4990edb3ea1bb03986891dcc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
3584	msedge.exe
3584	msedge.exe
3884	identity_helper.exe
3884	identity_helper.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 5072	3584	msedge.exe	82
PID 3584 wrote to memory of 5072	3584	msedge.exe	82
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 5000	3584	msedge.exe	87
PID 3584 wrote to memory of 1076	3584	msedge.exe	88
PID 3584 wrote to memory of 1076	3584	msedge.exe	88
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89
PID 3584 wrote to memory of 4644	3584	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c4f15238051ea59867a5fe790a37d2b4.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb33fd46f8,0x7ffb33fd4708,0x7ffb33fd4718
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4430381674907687075,1557170299052711474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
49d6b1b44c852f2fd997b760cdb4c1ea

SHA1
04c5f0867b15f3fa42a2077720ec6620d71ac757

SHA256
3261fe20c5f4bc848c397cda1bbe57a86e0e7c6c5953354d1e04371f1d120466

SHA512
a5c9543b44058a58015717411a119ca59bf781192d9b70801294b73c4a2fd838e47d9704006c3c05bfc182cfc73cb844525a20fd3f2cc045dc1b75a25be9b614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
a52bd4483eb2dc89ad868d16c77c01f8

SHA1
cae5186324c8cf652e295c156e81890ec04c71e7

SHA256
f4cf884cb8919bcc49586f9cf2eca7ff45735985531b13e758c722c8c21b6ef3

SHA512
a0d7a1cf9e883c482936c68a8d0fd80d1f3be71d962e505c8dd7be5107ed1b028c3c1f3b467e51c5091f1468f51512ed9e9a336c1ce5ce92f737b2fa6e5aec85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_worldfreshjournal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a7b620ceafaf63357974b4c621bb11cb

SHA1
3f220d95a40180a0cacb1b4070f08572feded2af

SHA256
14c7d88aafa8dfb3c1ac03ce6c78249899db12ff2701018a0e35535627f6997f

SHA512
43147b8ef13ccad105bf672ca569b4e1e0f5d9de42ef83e725afca34b561a052730091a44c9de26c70b9db82632172b2f60d26c8540cfb7e27ca7869ce28a2fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9533b6e7b4bbb3dcb22f597d90e97b9e

SHA1
63a0f1a780240b16a3d03e4f3ef70a74bd267a99

SHA256
2d3ea05c4b27fae5f969ac8cbe8cb4153c16a6f766380baa026edc00adb3b3fd

SHA512
b1cd53b31604c4c426544f4c23f8e27b5ef2f03653dbe23ed94e0298772ffbbce9f3ea61e680c7d0df5e8b63237206a041160801450808a9edeb146eed4b6ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d04d8829676766045b880d200494476

SHA1
28d9fc5b42ca2839a62323606d1287434adedd6f

SHA256
c6f5ab6667e9ec1773aa172f49f02b1358cb89b85292d31ede542793870e584c

SHA512
5b077b18305332d3b087d1195ddc0c02144e155982d7eead7dd2e0db51061348f6aea0751d2e17596e58162c5f0713851b075f44a11dc6040ac3c5d3ac9fbeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12538cc10790c044488a459858063869

SHA1
0c02d2c8045c01260977d6aaa03035fe71d8c462

SHA256
3dea27c9e9c2e9203cf6e0367924224c17f6acc345868cd7f4d70c0228be4f80

SHA512
4da79389aba81f21fd80dccc03548e7e65923a4074da9228e6d787cde9fb08b3bb52496ca611cd8e8d5cede31b1349456ac594fd1e3dffcead2ab85e33c4faac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
50a29f2ad88884445b7ef05257610326

SHA1
f8c78c9ccbdb956acd2c299113635194fd49295d

SHA256
5f53b0586ad5d0342649f23414cba190660d3185f5ff28dab103303b0102c83e

SHA512
19aa0b60feee4eb27de09a9be38a2db0f9a890d35a9b428fe285b2cbad7d778143a1870d65929e8dac0b765ff2453e76835e593ad7d21201e7a511950f576348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
62633909ccf592337b34f37d97a11cbf

SHA1
1c1c2e127add4c1d7175468e4cca309ca3623fc7

SHA256
ec02b44bf642049830189b347cd0f816f9cf0a5904b898c06aa6189619b552ff

SHA512
381eac5db2ab5d48b81ac4314b241fb5e39471116db5f9c8bd66f59fcab48c670f3a4e15d81138d8f982a28f9dbda3d44fd9cdd79dea8c9387cd4d08d1a42cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d9e5.TMP

Filesize
48B

MD5
7b9650a455c80419cfe9512b239a3f82

SHA1
71a5923617cd3b72c7574217874a6ec2863edded

SHA256
43ec8776d2f6db7571e25ebe871d2714f7ff2ac860b08e9a7c429b1cda6f9c72

SHA512
a717542ad1ff4fdf6a4f2090a24c5ec2a8c5b7914ca0ca544f62f5416335343010e6486465e6ca108241ba7b94828ed236a72836a027b334b2d27d9999852cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2f78befa5c3b6aa6ed085ac7fd0265eb

SHA1
25fa8ef15618d8f7179daf7e9f90c586a69896a3

SHA256
08978ebdb8d9e5ef2fc63bc439cdcde98056ae685629afbdb6f2e5f76921cddf

SHA512
d1af5311cf24cda98c6974f31512b048aae5d5bee3fc99c60d55c7c7a63959263d02605037b8a35c66fd456856e44b238f82cb5803388edc3caf68f1900ef69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a3ea87f06a19b8de46bd2637885a7211

SHA1
5a55fe3c25de9a2700fe485935040f8a4291e8bf

SHA256
dba5031c3a3d8a17d25e83aec0568a7dff7f6a039d6e7db0c0dd4062fcc94735

SHA512
1a28a9c2d12a2418cadaa563e83c8fcfb7cdeee113beeda5b2debfee466de1995d3b62a8fa9196ffc76b0a00b85f275c48090df48dafbae81054e7f57d46724d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69ac9c6a283a44b7d62a9761e86beb08

SHA1
dbef12bf9d28fb9154f87b0444d824819b9bc120

SHA256
44287e7c1f7efb6813eed7b8ba2ae833178c0c5923f3f592da035bf29d201f44

SHA512
aab38e2f8940be41f9359ced7e73e5fe01e25793cdcdb42896d87f3ad9974c82a40d328538ea2ead7f61630c7e90975fa8efcfc11fbada6602ccb319ed3f1b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d8bc.TMP

Filesize
1KB

MD5
f17c538bb4a3e5b9eb17d24096b06f72

SHA1
edb38d2a03a4a995aaf73a4ac9130a422072c694

SHA256
53d4bed75d04cb3f17064a400629bd188fafec778912252a5299a79d579bc68b

SHA512
d762a60f16ea6bb78b92fc6a9c2a20b2a81ca2d39669d4e4a27af4e4c2eeeaf24f8a6122bd830f072669a3b6ab7bab288c64e4beeeb642a484be78495a573521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03e350b83faeb7fb8a3ed0e525fa0a02

SHA1
13de4cfe6c17b4e14be7b47093bce2ead41bfab4

SHA256
8ba5e3c771c5d53e465fd85462a743a3e0ebd0d329eda55bc1b4ede964e7b4e3

SHA512
194c72f75f8bb336a397ffc0b0f103c19182010ebd87139c0bde53d1f25fd614de9712237bd0d129e7751eb220d8256e578b237235fd7f9ebe8c8d671b41c251

Download Submit