hxxp://modivo[.]emaillabs[.]info[.]pl/click/?lt=aHR0cHM6Ly9tb2Rpdm8uZ3IvZXBpa29pbm9uaWF8TXpZd01EWTJOalk0WkRjelpXRmxZMlV6TGpVeU9EYzFOakk0WHpNMk1HVm1OREEyWWpGaU16SmhNVFJpWmpZeFptUTRZMll6TmpNMVpUVmpRR0Z3YVM1bGJXRnBiR3hoWW5NdWJtVjBMbkJzZkUxdmJpd2dNVEFnU25WdUlESXdNalFnTURjNk1qRTZOVFVnS3pBeU1EQjhiV0p2WjJsaGRIcHBRR1Y0ZEM1b1pXeHNaVzVwY1M1bmNud3hNaTV0YjJScGRtOHVjMjEwY0h4eVpXUm5jbWxrTWpCOE1RcDhNUzR3TW1Vd00yRTJPVGM0TjJFNU1EaGtOamN5TkdRM1l6SXpNalF6TW1Zd1l3PT0%3D&data=05|02|MBogiatzi@ext[.]helleniq[.]gr|e78babfee1ad4f79d54108dc890d4259|a3c7896ff6e54683b7f814ad0f128eac|0|0|638535937255378126|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||&sdata=kVEAVzcQ6pEWVDU60W9ht3p6gOxH+xxa7516DP33kFM=&reserved=0

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://modivo.emaillabs.info.pl/click/?lt=aHR0cHM6Ly9tb2Rpdm8uZ3IvZXBpa29pbm9uaWF8TXpZd01EWTJOalk0WkRjelpXRmxZMlV6TGpVeU9EYzFOakk0WHpNMk1HVm1OREEyWWpGaU16SmhNVFJpWmpZeFptUTRZMll6TmpNMVpUVmpRR0Z3YVM1bGJXRnBiR3hoWW5NdWJtVjBMbkJzZkUxdmJpd2dNVEFnU25WdUlESXdNalFnTURjNk1qRTZOVFVnS3pBeU1EQjhiV0p2WjJsaGRIcHBRR1Y0ZEM1b1pXeHNaVzVwY1M1bmNud3hNaTV0YjJScGRtOHVjMjEwY0h4eVpXUm5jbWxrTWpCOE1RcDhNUzR3TW1Vd00yRTJPVGM0TjJFNU1EaGtOamN5TkdRM1l6SXpNalF6TW1Zd1l3PT0%3D&data=05|02|[email protected]|e78babfee1ad4f79d54108dc890d4259|a3c7896ff6e54683b7f814ad0f128eac|0|0|638535937255378126|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||&sdata=kVEAVzcQ6pEWVDU60W9ht3p6gOxH+xxa7516DP33kFM=&reserved=0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3564	msedge.exe
3564	msedge.exe
1700	msedge.exe
1700	msedge.exe
3956	identity_helper.exe
3956	identity_helper.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1180	1700	msedge.exe	80
PID 1700 wrote to memory of 1180	1700	msedge.exe	80
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 1712	1700	msedge.exe	81
PID 1700 wrote to memory of 3564	1700	msedge.exe	82
PID 1700 wrote to memory of 3564	1700	msedge.exe	82
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83
PID 1700 wrote to memory of 2272	1700	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://modivo.emaillabs.info.pl/click/?lt=aHR0cHM6Ly9tb2Rpdm8uZ3IvZXBpa29pbm9uaWF8TXpZd01EWTJOalk0WkRjelpXRmxZMlV6TGpVeU9EYzFOakk0WHpNMk1HVm1OREEyWWpGaU16SmhNVFJpWmpZeFptUTRZMll6TmpNMVpUVmpRR0Z3YVM1bGJXRnBiR3hoWW5NdWJtVjBMbkJzZkUxdmJpd2dNVEFnU25WdUlESXdNalFnTURjNk1qRTZOVFVnS3pBeU1EQjhiV0p2WjJsaGRIcHBRR1Y0ZEM1b1pXeHNaVzVwY1M1bmNud3hNaTV0YjJScGRtOHVjMjEwY0h4eVpXUm5jbWxrTWpCOE1RcDhNUzR3TW1Vd00yRTJPVGM0TjJFNU1EaGtOamN5TkdRM1l6SXpNalF6TW1Zd1l3PT0%3D&data=05|02|[email protected]|e78babfee1ad4f79d54108dc890d4259|a3c7896ff6e54683b7f814ad0f128eac|0|0|638535937255378126|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||&sdata=kVEAVzcQ6pEWVDU60W9ht3p6gOxH+xxa7516DP33kFM=&reserved=0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffdcac446f8,0x7ffdcac44708,0x7ffdcac44718
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8265745899343233756,1570262906666355519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
be776591643f687389406ff78df282a0

SHA1
d1c2abe026d92e76156e81327526ace72366962c

SHA256
01618b3dc266ab55fd8e9cafd0955b73aa8266f476928a425c7eaaadb07f1ead

SHA512
43af3966fdc2f893b17b371fbfd68703b00bbb86adb6843212bcc6ecbd5b9d602352b2fd81158d695bec1c64b45342478ad10968bebd8a53e41bb236972ae9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6f7db0e7588878eb9e993fe546073df1

SHA1
cb9bddc1daed705f7d4dcca947abd994eecb0469

SHA256
16f3f76fecf975e5c57027a7b9b1d3af0f14a1364a72a51dfe615ec1df1f42d6

SHA512
907232de0070f5cf0c8decafecde4ae2249fe4e794d6f11dd924368a18f471a9310c41acd854a03ee27a3d9831f0242c8b76f46cea46b18cd437edcc816c5428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
176ffcbdf2fd6f77ad0bba3925b4c882

SHA1
1900f8420662c10360c95f98fe9728407d3e962c

SHA256
eca1021a95678ee273be6ee0a5d40158664b35f935995758b05923202a5472ae

SHA512
b4d07436552eb2343ee17dfbb22897b86480471e835592c0af989d54d158e826c4617539250306427bb39b737c88fc032469921ddf0e7840d21cb48ce68c6cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d6f25a1c3ed7be3508f8ee990fd68f09

SHA1
69c7a3a72ba73c1ad0476b4c019cb0ac007bb412

SHA256
49b2b30b2e10dbf0991d170af863b6c9827602badd5e505d15ae26659cc2e112

SHA512
3a38f81c040b5a176ee7d2407be9616f5337bc33b438bafbbcc67ba8d31ca96033585a36d878a786b5017e3d839fd259cbb668196816fa0313fc74b0df84af20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9336cd9f930e855dd3bf4e676b51def3af2445f2\73e00ce1-9030-4d5c-b916-f851dba9e463\index-dir\the-real-index

Filesize
216B

MD5
b47a5679df1d615cc6916ee297182869

SHA1
b5b5c27be7d76948dc1d9f4f0aaa851daf2e5581

SHA256
9467dbd53bd735984364517847a7f3e5f6b73934b59e91a10b6762e469cc23d8

SHA512
2cd0c96d6dc1adcc2f35477c5ee4f4225cc73609dcb759043af725885d73cdfab2e7da5c76c96c5d1006320d94ca19f5bb785a511539abf5bfd6b8acd82545b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9336cd9f930e855dd3bf4e676b51def3af2445f2\73e00ce1-9030-4d5c-b916-f851dba9e463\index-dir\the-real-index~RFe579606.TMP

Filesize
48B

MD5
02201a4dedf83f0ce52e74838c5a34e2

SHA1
85a60fb00fb68376ea1d37067bff3c1a9bbd42f8

SHA256
4a3061921090c102306920737dc67ce09792b95975dc53f2860d4a6d1c576062

SHA512
c82df453ffdc6674d673891fa1beee19c34fe1956e4bcbc5d5768cfc3a2985d85922294f202143f8d8eb73432fdf473721cdf49e1887ce4687719865b8d7ecac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9336cd9f930e855dd3bf4e676b51def3af2445f2\index.txt

Filesize
113B

MD5
f9cbf74bf4a3d979406ae8d470c7ae90

SHA1
e12349e943a29631d2e13a6b4f35e562e835b99d

SHA256
a18690f4acd39d79bc83cfcc1e9e9d557002818346ab924438efaa9a87d503c2

SHA512
81f8a54bc3f797944fc4378323cc49cd4f4a232ec54055829968ecb055f34d7e469a6370c6607dbf081f53ae0d9cc65f245607458c34c36899d9e8571814f18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9336cd9f930e855dd3bf4e676b51def3af2445f2\index.txt

Filesize
108B

MD5
50f64d7b32f858289e3cb28e0291fa36

SHA1
e64604ec9e1d15adbf0b882b5ca397b9e3057e06

SHA256
cb529d8396175ec2253606319c6c866a1dc72a6f47458d368b0efe54160ffc6e

SHA512
1a1f8f09ba9ffd3a7405ce75368c04c01bf4562e2e8eaa567db557f0c7a61f885c4d4d8d71873cb67ebf8b0ae778d30edca8894be5570e0b38c3b17654095949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
9f117a97af64eb3ef3bb194e5f723396

SHA1
ff4847692b7d36b366e33beaf9e9b1e2d096d374

SHA256
84bb844feb0171d05ceb9b6b0b7ceca9feb24a89df8d8e330710e60140bc2e4b

SHA512
7bdb6845fd445923b9c4bf6be70074dd702cda3810101e28a95b8ce91638d595578021f2c393df3566efd826a2032d03da0a13d3c894f6c96671e647ae670056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57949f.TMP

Filesize
48B

MD5
0ffc936f73be5228aef89229af441d4d

SHA1
5f586c7a94b76347daf62fe4eecce8340d628ebf

SHA256
5a42447bc3909d7908c6714f608b8f35bdd35473e471150bfc25bf2ef3884d9e

SHA512
5b30b3cdd14a084c5297e28814705fd23d90765cceb8cc326674479a05a4686023493c8d60719b556a3e59795956b18122383dd3853912b2a606e26046aeaf56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
067e261e4424bf8f5e88c34dbafc430a

SHA1
5ff504315de45f066cfa9556cc9723a5fdc96236

SHA256
d54707aa186cce4e754069792970b80e9b8f176c9e700b690de2243ec9603b44

SHA512
ecc5c46791a0ab3c8ee4353db436b737a31f66fe2cb1c7d6b0d5eabcd7328b006f2ef8a4d3c6d8c1c1997d9619d9aea19fe0111aa238fe05e942408ebc863a89

Download Submit