c900619a8c033fd71e3f7d5a20a580372bd974a85f7e4a6362cc75f78da1c632

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca7801d5e5abcd632722ea8206f550e2.html
Size

432B
MD5

ca7801d5e5abcd632722ea8206f550e2
SHA1

3c9c0f966789567dec72c8ac47dc5ae63dcd9b9d
SHA256

c900619a8c033fd71e3f7d5a20a580372bd974a85f7e4a6362cc75f78da1c632
SHA512

3170ff281426dfa4fffd857817f4d199074b941e7f38f3dcc41e3b873d431ef01eec6b42a6926dfa5275e95975bda35f27d318244ea93cd9e9ad25dba7b0c9f1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
1696	msedge.exe
1696	msedge.exe
2176	identity_helper.exe
2176	identity_helper.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2376	1696	msedge.exe	86
PID 1696 wrote to memory of 2376	1696	msedge.exe	86
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4696	1696	msedge.exe	87
PID 1696 wrote to memory of 4688	1696	msedge.exe	88
PID 1696 wrote to memory of 4688	1696	msedge.exe	88
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89
PID 1696 wrote to memory of 2052	1696	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ca7801d5e5abcd632722ea8206f550e2.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbf5946f8,0x7ffcbf594708,0x7ffcbf594718
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10957272996318383678,13961100158521984019,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
94210b914ea4dc805a770c6b2018b178

SHA1
9c5e7bc4f519e67cf191384cc5ad8d36ff4cd2ed

SHA256
253ddd4f5805e24810d37cd050a67e87e84d806a365ace7fe19d5db6f28dd354

SHA512
32bcd1efcdf44f046cadc853f066efaa6827f2034fc4a774d6bd9271bcdcb0c80d9a03f68eafff3c2b37d43cc2f66f0c99c5ce05817db6159ed9c27a280ebebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_worldfreshjournal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
794B

MD5
a186942ad1b3f675b20d05711ff620b8

SHA1
95b157514571f9fd1ce3dc6393a753bfeee40796

SHA256
6ffcb034f9f38432872b0203e6124ee70abaefafae26d409a0033bf3e9219d0a

SHA512
32613f06daa19e030c9aba3d41158d32dbb8d371ffed9d5065f33440f18e2eefa95a537b70fcfbb355f7314e8c535fd68abb092ec07595f82a9e29eb8d979621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bf5b27ce8281b8b0f1291c66ca19c83

SHA1
9e8284a421dc3b98cf05e476aba80a5e5a623a8b

SHA256
92e7344bdabbc4d78efb6d51d73ae6a4ac57cb31d813cbfee6572dfbe53cb619

SHA512
ec402d53a1c8ee21be5a0be174b16f43ad408a509432463c88d1c19cb915c24a5d1d290ef0d0ef8254d83ea8e1ebee4868ef4238f9c5a23ee6c8a4da1f46695e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f3078ccd4ff53ce5b057ddf839be829b

SHA1
50d3b98201486e6838d18fe514f32f6d53791924

SHA256
a8ca578fbefe6d312fb908b933c44059fba6152c03c6699519cc0b69bc5e3ba6

SHA512
067fa6f6819e241d84e2be68c345ab5d5c89663c8d2f3828d34cfce018920d1ebf0334675030cac0bc0d74382b9c92e2b1a00d67ac7176e2d5516f36c87b4ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
92103330264c89dc077398e956845409

SHA1
c6703cd67e445ac6ab014ccacbd2a042e5f318ce

SHA256
4663fa9f794a7a11e4872a3471c2185f64a630592b4bd74a0641b82a928a75cb

SHA512
29feda526a5dc8c4a153e7c3e1d5bffd43ed8376b7b73c8427dd7fb92eb406acd75481c398f7d937fc7845a18648e9d6c0020e49f3432a286b35fc8ff9d48e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a1ce.TMP

Filesize
48B

MD5
bd9ba77f78aeb64116c2dc36eab7bea1

SHA1
5cb4715d36504d33e14fb866397de1084cb7f103

SHA256
39fb2a11534a0ecb30c5d77d65ac775b28f8ad197c9489c01e1796b1cb9067ce

SHA512
a4362d6354d7e4d537820525ab00dee7d180a352352af03497792247214bd47ebd88314c247c6bbc6763ac26e5777382a860ed03ad20c7200813d2383726cc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
10c81b38b29b45e9a1f767678a74da82

SHA1
803edd544b3cb2cffb6000fef46419b2007c38d7

SHA256
66fa89cc385d7e1ba3518e43af82e6ec008a917009428f73d18af2b85db442fe

SHA512
08f74061fdcf76751f144ba1c84d4f685e7e8c0eedd403c8d66e1254e3dc3aebf53a773f3dc989b4ff46c7f793213d4b85156c53c31893720f3a92d3cc9177d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
16a1eadb2caa31cbddfbf71ece423f85

SHA1
8c179a737ed5a678c1469d7ed691cf89916e1e3c

SHA256
47f3fff2d7488bd5422539ede12df9e4e43b6e96a91f0a2525a7eac405181106

SHA512
4c3d65703ccff60b56602b322fa5a4bec68c882d932bfe872f70b927d1856c6deccc59c0bbc36b08d2e219fda6ee10045f8434a7c1cbea950e228947d2d474ad

Download Submit