hxxps://open[.]spotify[.]com/track/7cGDxaRthVVC4FTv14jhVY?si=c6514c3dfca54951

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://open.spotify.com/track/7cGDxaRthVVC4FTv14jhVY?si=c6514c3dfca54951

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
4364	msedge.exe
4364	msedge.exe
4180	msedge.exe
5228	identity_helper.exe
5228	identity_helper.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 1180	4364	msedge.exe	83
PID 4364 wrote to memory of 1180	4364	msedge.exe	83
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 4688	4364	msedge.exe	84
PID 4364 wrote to memory of 1612	4364	msedge.exe	85
PID 4364 wrote to memory of 1612	4364	msedge.exe	85
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86
PID 4364 wrote to memory of 3204	4364	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://open.spotify.com/track/7cGDxaRthVVC4FTv14jhVY?si=c6514c3dfca54951
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6ed746f8,0x7ffe6ed74708,0x7ffe6ed74718
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.CdmService --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16081376739756882197,10574418650010646911,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
204KB

MD5
41785febb3bce5997812ab812909e7db

SHA1
c2dae6cfbf5e28bb34562db75601fadd1f67eacb

SHA256
696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483

SHA512
b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
038b8eef1597bad036e027798793a28e

SHA1
e8e724e8e93c60766435b3fb3b4cbc628f2ac640

SHA256
bb3eb16dd5cdaf409886702c92f5722d20f2989c9ecd324b7a41de0cae88eaeb

SHA512
533320696f5677b6ed7d44f8bfe8ab37d8b362e18f868471601f3af033ec5e5531c8f78c3b8e6d2d2438d9e24294e14aff566766b33b48cf34bdbd99d0c1a200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
36d79ee446f6d2bf3f879c6924f3b153

SHA1
4607d65462f50492cd3a12b56d07f7c2cd61b29e

SHA256
ae1e2844f5ac0cf5ee170bd0be89f201bf7b378b75f007ed1f4c46eece48f925

SHA512
e8a57de47c52a9355cf86ce39fdf5b5a15692c65291c8d2899b7f996599c14e1c2ccdeb866b792a1873f991f61c8f44f4c8fe5b1e99c5b95bfedc5c1600173ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
91e20f5f6ca9a198b1ba1903e856c790

SHA1
04cc54814f5626a43e518d255e56ca175221f5a0

SHA256
c2d1be8938bef0664be2d159ffd33d14cc1d8b34c8442bbe122aa6214c882d99

SHA512
ee2b8779117ad3b7f01d0b06e1bdc4e543aab0b66e991384835dc95057fea884b8904bf66c29530eda1727e008aa16fa29d0ade00eab5c5997c023ed042c5846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81eb1ace82085cfe7e7f78018991e51a

SHA1
d35c24cf26ea72149e55242b0189a085c9a0f263

SHA256
1547b85a12f3aed179edb3bfa96bb7933e7cf3c2e661b7abc123b53ae3e4f6d0

SHA512
ccbcea103a7b54a9d9e969c7cf27db804827a6807390fd98a8b5ba3abd708fb9f19ac59f1c3001e0ae50223cc97578d440eb0daf406597f19bd943e2eab964a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0192b4cc1939dae888f8d59fd609da78

SHA1
fb90143cd62786bdc6f74ea0dd8841b5a5b5eeb1

SHA256
e52c65740737b4f05482825aa2d3606ce7c46f1440ed70f8143cadfe36774f94

SHA512
f938739e16f32196830e63bf92d0c4eea0ebb09e6f5dc419d6418f1ef67c93cadb27d9d851d0410a72507a8512b42fd95b4932582b38fa76e1f21c044052080a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
10677c9e4be12760a15d09a8dc5f44b0

SHA1
eaf19101c3a6e648de6029b01491eeaa64e1bd86

SHA256
3a49448560b257dc8c09b0064cd6ba842f0041e4c361a333a058a10efb07c599

SHA512
d33ab545c4eebb1c35a4cc0039f4087baafe4fbed468781db2c1c88f586178d4f4e7725c1f41a7923090b0bd3658d082b2a800279dc5b36cd8d97f66f9fcea0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\3ec4829d-5601-4dca-9d56-f261b9ea48ce\index-dir\the-real-index

Filesize
3KB

MD5
d6bbfd3a869d106bf376fa74d35095be

SHA1
4f50f973d6636afd4b416badde2705eb1027b1e4

SHA256
d39f3673b8c82572ebf05663c668c73a41c720f2afd9079eab4bb04f9adee245

SHA512
d89cb5df8dc15ae66a1d54d6f247cab39da1e6b4599cad804e73b2ec910c902c145492f8caa40a63b9f2eaf0ea22e329180d63068e4f591e9efc42ddbca5b157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\3ec4829d-5601-4dca-9d56-f261b9ea48ce\index-dir\the-real-index~RFe57be20.TMP

Filesize
48B

MD5
650d3168d75850f91b282932248ea24c

SHA1
4e0c79e0b68d9d969aa080c9b1fcf6e50af1bc75

SHA256
1bdb39014cde34507c95a7c25aac59fabcb9d748e5200c50bc925dbee1482872

SHA512
9a5d1dc519bc5f4882c5af5fb6a3e7c75fb445d693f3a3552e11c4a1a23844c5f8cd2f2f321cea5b3cd95cc28b2ef026e7d0cc77a43679e150f242e7b7bb8a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
127B

MD5
436a428040f152a799755b20f2498099

SHA1
0382e4ce2be88ab6073059fb1a05e240047cbd29

SHA256
8f0bad91966a32bf6bbd6010d3439c73ec95df4d82602f6fc62fd0f6f3b0b0e4

SHA512
2baadf93cddf329640441720571025f3c66fed7ca105f295a66281f8f88c0491ede2a13d60156d6e43d22105b51b5509af2809abdbdf70f1874e9f9fd9e838e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
123B

MD5
b441dacf4b86c1c8f179c2756561a263

SHA1
c3cd86c15edfef9367ae2717e66d85e158427d4c

SHA256
ec1d5177070902261831947fb4db04dad779b8f5a6c1f34312ce4f587ec9d588

SHA512
e3f449f721480378834a2bb652f2149d2568fd688f01554efd9cdae2ce3d372ad572e1a4a1ffb468f0994bb286eb9359bdfc27f67374bd50282228db54752626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7acc9036e37beebbb9245efef4d61f28

SHA1
d59f892cfdf07fde8b4f1084fd709f31b3458096

SHA256
1e6cb42d55b472d1db53fcfdfbdef57369ddbb4d36d883952b4e66d9fe9a8cfa

SHA512
a221394b65ed11651f0180011d7459a305362c4ea7c487b49a335e83136bd075b2261a7dbae7c95e4a67bc8ca7337837a6649112515dd2163a3db4c476d133e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579e92.TMP

Filesize
48B

MD5
08bfc358f1f9e584d0e00f25a533bf8c

SHA1
e243131c9da0872c0799022f98ccb0817c0f627a

SHA256
0d9d1f10815e2d56a4254d8b7e28ffccfb8defbae39f86bd97ddd24c6727125c

SHA512
dbfb4605ae7c5dbe3f64c4e63651857cb82439ad11f20875d0688b889861b6a1c64d742572ff3944749327262e772fba80962ce41dbca91659e6bb5f8e9eb1ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
403262806822b4ec94f708621348b63d

SHA1
72b65a7fc452aed07c0c8f933d42b636093e00b5

SHA256
f21bcdf1fd8d46309223858bcc2492b13a327fe366fb12da0470320a9172596e

SHA512
0646785027fa15c00c03662d8a58302b70df3c870717d3f8a7619d73d2d13615f70b30cfc601daedfc16924300688aa1de3ddcea23a527552cf5d734532f47cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0405c3d887685bc23fe3ad75b5a26e9c

SHA1
9e18482fe0640650d242c8194c2184e7343e9ad4

SHA256
250f306bccee001abcf8772c19296692bfec4beb9b62d842b76e1ec08760bc90

SHA512
91e9ea42f8a190b92054a077ace40076340ca75bd8e63ac3e2435bfd1d6b0bcf4e7f9b3cbc43948119e29f516137963cfef36abda1f8d38ee3d20695117da3be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bc10b07b61443e387f1cd48a6f7939ae

SHA1
450cad88a4ddec5c297d2cb7301f4c5c7b83221e

SHA256
043f1ec54e7a9044858cbd8f18a812f1946c6c5f7b2bd06653dc5ee50c4464ce

SHA512
c9d24c6b4d163dbdc7c86f97efc35dff8f5d0532192f868ef503a98ab07df6dfca3ad11d55085c26a857e8b2299ac8580e4d755169ad3d4dd033e0ad91790b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cb43a96efc3b4477d9e4165bf3dbfc97

SHA1
933a1b5bef148d42e7b31723dfbd9246f50c31b3

SHA256
e1898c1937620a374010223cae469ae9f97d0c1dff1f723a8e63153e4ac21364

SHA512
4f9d56c9ea4c5fd6b622812d22bdffb97b47dde6d8a41b4cb26661d826a7e610293588b60d652ff4b89daa3e5edd3d87412b068835a168477eb98d065dcdf781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578f7e.TMP

Filesize
3KB

MD5
548307573794686b240057ba69240fb3

SHA1
c99eeb811935adbc1dc03ab8d98a3751a70a6a34

SHA256
72e10228c56087e0a7765ff9fd36efaa22ccc1105fe6a820d946025b7759a8b7

SHA512
f51114adc767ab44462eda9e127a0058dbb3e8ffb354aed38506add45e26cf2bbd2f5921e9ca316cb268c297570ca2afaa9012f4292e12ed301462b49a101737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4576fb18692ad23a61640dbd0e0e708

SHA1
fa0da5ad39b918af538538dd59eead22b4251f1e

SHA256
c67e127247cd92ccc5ba8041c141c00c7e29ba484d4c625345db65ea89552f9a

SHA512
23b28a0b2d6d28dee3fae4391f72a7d9d661a2ede13967a7499b33562d9516468c8310e1485c422da0f9dc95acb549c23b6387acd4162a7ae1f07df78d9db61d

Download Submit