hxxps://vacban[.]wtf/?vacinvite=8c9e21386eacf4d518f1d2860f254ceaa5843282

Analysis

max time kernel
145s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
19/07/2024, 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vacban.wtf/?vacinvite=8c9e21386eacf4d518f1d2860f254ceaa5843282

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
3000	identity_helper.exe
3000	identity_helper.exe
1220	msedge.exe
1220	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 4996	2108	msedge.exe	78
PID 2108 wrote to memory of 4996	2108	msedge.exe	78
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 2480	2108	msedge.exe	79
PID 2108 wrote to memory of 1588	2108	msedge.exe	80
PID 2108 wrote to memory of 1588	2108	msedge.exe	80
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81
PID 2108 wrote to memory of 2184	2108	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vacban.wtf/?vacinvite=8c9e21386eacf4d518f1d2860f254ceaa5843282
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc99363cb8,0x7ffc99363cc8,0x7ffc99363cd8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3272 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,912757965054077464,5903466587319439445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1998107017edc46fed4599ad24cfe53

SHA1
47e92f0646f0de9241c59f88e0c10561a2236b5e

SHA256
cc6838475e4b8d425548ceb54a16d41fb91d528273396a8f0b216889d79e0caa

SHA512
ef7228c3da52bf2a88332b9d902832ed18176dfff7c295abfbaab4e82399dc21600b125c8dad615eb1580fab2f4192251a7f7c557842c9cac0209033a3113816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
21cf39beee4d807318a05a10dc3f1bf3

SHA1
01ef7fc09919eb33292a76934d3f2b5ba248f79c

SHA256
b766823dabbf6f78e2ee7c36d231d6708800126dc347ce3e83f4bf27bc6e2939

SHA512
0baf8b0964d390b9eb7fafd217037709ac4ab31abcdf63598244026c31284cd838f12d628dcffe35d5661ba15a5e4f3b82c7c2d9226ac88856a07b5b7b415291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
34KB

MD5
64e23fcf925edf0eac35c87a30e32661

SHA1
427432a2550be26ebe18e5ce4b5f512c4e0dfe53

SHA256
2eb4d0e3cb128980fe742a1ba48af930185bcad854fdf95efd360ff37534448b

SHA512
c24cffe4abbfff4b14c19b986ee28d0848c3ea55aa5c8c3bfdb3051ef1c3320b553358c837b5593d8eb8a130e4fc912ba06ea5e8488bdb89da5b707021ff2708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
75ddb5c13d91b22efff875be326b541e

SHA1
70ca5cabfc062b4143a5cb229f85e8605d1aa460

SHA256
8e7583d4802376eede546ea2df23788d8621282cb9d84f2a14d6394bc44e348b

SHA512
d3c7de83eeee5076dd7c844f1ab16260c9048da1cd1da148efa64a2879f3fe570b653b16fdffdafc9142a2411400c55da35d62ac67e402e3e97b2047c681f13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
1bc27866d8c9f498c129d86991c1786a

SHA1
b6f85324268c49d6c79a11f40d3f9049789e2f31

SHA256
c7be59292b19fda42f1cd385c1da13b42b3592f6af7fe7a1e5021fdb91bd48d4

SHA512
e24c0b09748ba530860788820e50f418c4426020dd088fa47707b5f87634eca5ed40b733258fff6ddc2d0f30b9f599d1d765397e02afde4b476fd16434731a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
15d7a6307f8e653e15f1677d4079d495

SHA1
4bd97a7e7b0f4e63e8e2f255407f95f77717e67b

SHA256
718e05ac19f625f9e3fd66fe372e3416bf62fa307238c52a8bc175263b19bac8

SHA512
66a53c76529e06b0af3260cef658e470fe5d84fea898cbb7fc4292c7a66a3b3143b6479a8f87f9e7a132177b1da5a221b64866344b9be965e2d775cbb5cdbf8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f511a70d038e9cd20b8480b228151e39

SHA1
1e743e797d5ed5bb480419c9681b456abd51602f

SHA256
a439df966d236b5ef27018b49a276bbcc589682f3997d570e5e95a1557030305

SHA512
6c584e01884a9af580860bc7a5a4650c14e4788943a63279841b942ea8c176f93d8f086b416dfe3602190fdf06d2d9c3854b02a71b5d7ec788c834ba27d23113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9a696c523cf307f98bf6c68cf21613d

SHA1
8885a516e7907eeb333399c6227809d08c2aeb80

SHA256
862659283dca795d91cac2579efc1f7b0e3b17da808307d8a086bb2fc6ced00d

SHA512
f793883f0bbb66f74ed9406e1ff5334cf5f20fdb7d4a129241827cdaf03d6e80732471f119971ad2007ee210ef9baf5eb1fcdfd1b4b8bfefa3ca9bc9ab39d976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
798eb708910f9db2c30b1b0bf3e6c312

SHA1
679735dc5329ab63c7e867bf2c3c2f0c5797c04f

SHA256
cebb4136977fe20f1fb9f33f10d3d0a02009decd44acf4fea6b0c017b19efe20

SHA512
a98f7ec3f09fffc3003b91c3ebe72f13a27aa6357c56e1d4ab9d13bca85190228d22037537318dc334f0686bad7401efa9e2410df08fe2f4972bffdd4cb3fa98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3f50beb4484f44d8ab04c940a0ac859

SHA1
bbcafd90ba4dbf83472279b9273ddd5b5acf1479

SHA256
10c7e74def61f0585679389e44c04d60dc9a2930a41d4418416a0fb2316c14c0

SHA512
ca477854d7f03a73beec5ba71fb373834baf674a350a15ff8801bfaf1a07c22abea3d931a0b387b01b274f90db0ce024582561310faa97e86f0190e15d950608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da831235c4723a93d2473faf076ae6ef

SHA1
7c42a5710efb8c47bbed82030e95ab4fce2e5e74

SHA256
7aa474e1f48cdd212dc4741fe7628137c807fed28832edbc9e5d95f02cfc4e58

SHA512
93b4da17fbc89d93bc7c9dba083e56f1b06650b25ed8c5372ea5bc256a713b0e3c489dd884527e2f6c1709975aa0807febe7d8fd65325e0db44d200b88ac465c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ace11da035dfb41ca7039220d50da2311c7e8046\60e43966-1105-4a3b-b009-5822af7206a0\index-dir\the-real-index

Filesize
72B

MD5
0501ea61d6e668c8f710ddcbf8325a79

SHA1
82fdbfb90480b94f67453364e13d6309e7c405b1

SHA256
a2d1a0fa98ea62f2bdf03d70c9e5a2769781043da146de8e36f595877690b45e

SHA512
942e14482ea6233b4e272f20387c8ee48e04b986544b7bc4fb6a8ffd2d03ed36ce09b3627adb641ea3448a33bec828af2055103b74b6d7a55fbce2d875995224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ace11da035dfb41ca7039220d50da2311c7e8046\60e43966-1105-4a3b-b009-5822af7206a0\index-dir\the-real-index~RFe58e162.TMP

Filesize
48B

MD5
59c95988af9e8e23afc94a4c2bfd6bac

SHA1
bf1063a2600536693cb0810949be1db68bd150d7

SHA256
e74ea4638604b30a3da1a950f5efd3704771c87b0e41b8a998a4463bf632c5ac

SHA512
124680831bb4dcd0b9580321f9104aa41780476fae8f941929a0fc487899613b67c8568ab7a704ebbe5cf91f416ccad53b7525009370bb9449b9a9b57feb5006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ace11da035dfb41ca7039220d50da2311c7e8046\index.txt

Filesize
86B

MD5
2adf798eacf7eecd755545c7d3b52882

SHA1
1efa5b08714bd2612a27a4d9588ac5f68eaf1ffc

SHA256
398020679cff320c40feeabfe3b7ba0b4894600ef9a8a6976d1a4bf64a8ee9c5

SHA512
f4a5bafdb22e96ae415be266605c93d38168d3f446a9f2382f35e796f3bdd321e89a815e574d1031c0f6dcd6d89fa4f894dbc6830e3a5b2bf0f21d9d09ec6697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ace11da035dfb41ca7039220d50da2311c7e8046\index.txt

Filesize
80B

MD5
dd0666bc35b4ed026319f847a07ca917

SHA1
656c4168cfd1658e10dd5875b3488e57176d0deb

SHA256
fc18f39fc3633fc8090409143c8719a4a78c21ea23048f9278f946be22bb9d6a

SHA512
88cb17da9c3e8a1410eda866c9618adf042f7a3ea2e21c9fd48a4fc64bc33896c88d7d5108056c7f20485429f506ff34a5f5dcd2a873c52eb44594d83b32ab8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3a546764bed2b49f4c86b86054192c07

SHA1
64d054639e53ea61beabf327cb31b6d306862aab

SHA256
8c47e1e2a10e727b7d5627d7aadfab61141fc6187cf233f4724b46e5ae49583c

SHA512
7bee87cc5a9a633584773ed93c3adbf6ea2a95f168ff0f9be47ae56d53ff06c19945434202ea55e0bd02e41dfba115f0834a816a299c00f906b04423a302d91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e078.TMP

Filesize
48B

MD5
f60f2e1e75d93589051844ffc5e0b8b5

SHA1
e97b7412257af2217a91beb42a6a55af646ffa3a

SHA256
cbdc5eb6e8efe4619e71aa0f91825d2d65c80921063f9a19d567fb6c16e266ed

SHA512
64c8f68a3ddeaea56b495b5d5eaefda28cd33a4db867ebff2e7b2e56f9f6e88d068bca791d08e296cff67cc48c2ddc51265b09514dc34655e4e0b2ff6868fc1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd7f8b1bb72c2003f071e5124117c027

SHA1
bd356b33799470d006d6ccd184b46a88450b5003

SHA256
7170b2d1b26abcd79aad1d898991ccf8b74b1a06e9431bfdc86390aaef2bf635

SHA512
091dfc09fa98e2228a50bb51a867a2c50e7d4aad05c04630846dc907d5af5dfaf136fff09cf87f4e360d47dddd81362ba1db004679c53a07d88eb9f20b45ae70

Download Submit