hxxps://sounditoutphonics[.]weebly[.]com/ar-phonics-worksheets[.]html

Analysis

max time kernel
241s
max time network
262s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sounditoutphonics.weebly.com/ar-phonics-worksheets.html

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
3300	msedge.exe
3300	msedge.exe
2272	identity_helper.exe
2272	identity_helper.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 672	3300	msedge.exe	83
PID 3300 wrote to memory of 672	3300	msedge.exe	83
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 4764	3300	msedge.exe	84
PID 3300 wrote to memory of 2284	3300	msedge.exe	85
PID 3300 wrote to memory of 2284	3300	msedge.exe	85
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86
PID 3300 wrote to memory of 4668	3300	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sounditoutphonics.weebly.com/ar-phonics-worksheets.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1fe846f8,0x7ffe1fe84708,0x7ffe1fe84718
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,11419027629332190169,5847593325879937410,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x2f8
1⤵
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
67KB

MD5
46aa18a8b2ade7e31e2a3762ff26bf8b

SHA1
9ff6a6047a9a55c7353a76df0cfb852736975056

SHA256
1223eb5bc9b03f3d19ef82a051831e07f0c10a7a4c8fe1c4de9476bc33b74613

SHA512
c34538705dde5bc8c06c7605d33140eadcf7aaa249b764f9b9f839ef739068e8745f08ad53355673f7542dd8d6a09d1d150702e11228dcf186054309efd8fc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
69KB

MD5
98d70ae781bac818af44b22fba8e72fe

SHA1
ad3882b0ea9a93807499f4f63bd3aeec7491cd84

SHA256
d2748e5f8e31dc24ee362a31a7b076bfa02afbdc3ed8737a455ae6bd0d11c849

SHA512
96569451b6023b4e5c602552d06725d5376faaff2a3aeb59c30f2085035912b7466d89552e00d713fb152683d51deb6d56beaf77bde9cf92ab73ca2a446310f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
28KB

MD5
ea10ba55461b190b38f4857c4adcf471

SHA1
ff1d44228a88951ac9a3a9b1fb269d3404224a7e

SHA256
846adc126da46d52d4864789f12258353bcf4a4f7a36d0a6996f7b14d83b5b69

SHA512
95e3e107168256dba085fca9dbf6f861d7ab599d2e0d350a31414cc9ccd1bd40f00d1deb6c2000651f43639a66f79124562826a0a04d031a74ac081fbfb4c216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
43KB

MD5
b5f45f2e91fbceb858688fa48ac31ed1

SHA1
954112e943d86e07dc81211f2fabb302a84450e7

SHA256
92508e84640dc170cef8e842d27d37b3e3e31cbd03f0d3315239c3fa7325ce32

SHA512
c54b90ecddca0b0ad625a72cfe50f791ed7720c1311f0fe7bccc4050e39c206bc0f8deff016d39bed7d0e5cb805802c1120914d6c571c089c7198a797e784ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
43KB

MD5
bb4a98af7d8702186b450fd5a4fb3538

SHA1
91afa5f00401406a01482cedea05093d365a1ce0

SHA256
331db64b7813eb5af45539d693d2f0959eec31dc8a422b461b9b97dc682f0e1e

SHA512
5b66a60ebcc3df2a235120a87daff99e839ccd678d644f373ae783c4e0d4c93fdb4b8561482ce7ea18222897697e5a1d84ddf56ff2d6f3878a66dac1efe605ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2b2b89dbb2fd6ab62b804be229212a1f

SHA1
09ef05f4e8f246445cdbdf53b5ccd3f9c4e4669e

SHA256
0fd818ddaadc89f7ead132c1fc38ba5f203502f5b7e393d0edd1c7dc181a0feb

SHA512
525449a2d6f51484b998bc669a539dc828017aa9bc8c88a11619b3ec4837c5c12d02ba0364b1efe2b618b51f82f3f60cb42d78bcec88df3d30b1a6db277469d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
47ca05febe04b481cbffdd761bdaf8e9

SHA1
32d2a0f0ae9a5c054e8fd513c6700095f2a75b62

SHA256
a4f278b50848319b854240a41503baeff0d7864e4ff51d17a0cb4e3642331e95

SHA512
3e70f0aef91b3d7445c58181614517fc53f5684426795d7725b460c43e1da60e3fbafd5eaf62f610e830616311562580b25b1654cff054a80c7aa6d00f157719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d4bafdbb8c7a486f55783919fa6588f1

SHA1
45ea1fef6a09aab72a7b30a5367bafb634777a5e

SHA256
79b74b917056a54a95043fe5d75630f0bf81c4b7c80c336968baabddc822639d

SHA512
634703a06dd126b7489fc2d627e573fa48d53a766d1aaac861b61e68864410fccc2c763d59ff3bbace11597c3bf5aeae02f4fa2a0c2268fd55775d1fa013ff4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4fb07b47af96e82fdbe22a626669d39d

SHA1
359e6affb1c0819be57bd93c91f7b070c863f4c6

SHA256
4007f31956ace8251349d4903dd75d17329ba9eac0c57f028fd061bad91d1918

SHA512
8e922515e991ea7b8cfd586450a78adab5b2a41ea020914817fb174bc79c5a75c8ce38fae09ad8292c9ed65c0732584ec16f4d9ffb7d252f2efd62bb0b868795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4be74481b71bf7c31d674dd1a7cc9bb1

SHA1
644a8132c45e033790b80f2aac8aa3dc76094afc

SHA256
92c082addb74a9682ac9a1a6a1ad916b75c4628132df880e5436718347fa3cce

SHA512
daceb916d99ec266fa44165d09b10dadbb9d25f87916ecd98db9d8000ef91fb7dbc75b1ded712d5757857ec80ab547056e5e30222526bb812605456df2d2d9b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\70dddcee3a862bf27aa8bcdb7033fda9b73a4c8f\ec34c2a4-2b40-45f6-9c25-2e39a63587e1\index-dir\the-real-index

Filesize
960B

MD5
412831807df02ee661fc557bcd6888b0

SHA1
c85ac3d47fc57edd0c99f0c0157c546ac4f912b6

SHA256
bca166f70cbb2e67a7f94f4bd65b62d1aa848fffb0d6b6e724b2c6591e701d0b

SHA512
f7b13e6916afcb534490c41357c8e7a06b18d6db80feb4777c0c85c50026b56cf90d048d1a11b75c733cc854c32044e15daab3a41f8123f2331ad3fbe3b7905d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\70dddcee3a862bf27aa8bcdb7033fda9b73a4c8f\ec34c2a4-2b40-45f6-9c25-2e39a63587e1\index-dir\the-real-index~RFe57dc18.TMP

Filesize
48B

MD5
1e3ca50b7f0d84090911fd06e1e1f2ed

SHA1
72c886496b0ff665e0b6f03643f310ae94403b23

SHA256
c326561854ed4aa1f6cc6987dbb5b7815ad073b5a1564a248c6188760227fbd3

SHA512
4e08b7c4c55cacfe3014ea465cd73be6f8cb9d7a7dd6d14be6e3d3a5c558ef0f3e3b10d17ba9c87493065ff8253a52d494689c0540beaa64708a6b701a7bebbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\70dddcee3a862bf27aa8bcdb7033fda9b73a4c8f\index.txt

Filesize
116B

MD5
23d19cb727f883445093af56e5d6922e

SHA1
170cc37bcbfed2d129a4ee7ff422a45f651bce12

SHA256
5a0f7ec0c672fcc842a6a512981ee7587785d90c47c24d6b03d36079c1c35709

SHA512
40977cb08899ab67abde53b25e3041fb19013e933fc45d9015e93fdb851b23e0b059849f7388a1e316ded175b93da6fb667c2d3dca4ce179d2c89bfe2534a3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\70dddcee3a862bf27aa8bcdb7033fda9b73a4c8f\index.txt

Filesize
111B

MD5
39f98d3c40e492d8afdc3036c115a47c

SHA1
3efcec31a1903689333e53ee9013334af70fe95f

SHA256
d465b5605ca0a99650efa420ad0563d3031d64713af7931223980f67e4312308

SHA512
7512318b05a68ca3e00a1b1139b0bb8e0db261fe5868446983fc53e0e5ae20a8b12e6815544ed3093215a9972825c897fae15e43acdba86ee1f7729a558a3033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1f27da8d2095574a6f219c514ba53dc1

SHA1
271a1330c074244f73c431bdbcb6583500d9b1d4

SHA256
cebe64cefbfcae81199de26bde19c2bdaf69c30aac45b2b7507baf13c87ec899

SHA512
3d0a3ed5e3c2d82d270b010039edc39146a2ae4e2b83e5caf5ed0b08d85233a7ee0bdec55eb4b47f759db883c115d2371ced90ea5c524d0dd0cd7e7a9f475daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d5fd.TMP

Filesize
48B

MD5
a4c99d479876718f89f69eb1acaa3280

SHA1
6b6e676d07e63103f0e023bfb434e2661c2863cd

SHA256
1ad1a562519ecea3a15f804866c37a5d0d2797f0bc77f58f948affab5c8c76bb

SHA512
f7ed7cc5028d9d879b2415145fa6dde805e72b6271429f991a8461390363e06ab5fb50c5a3759141d3e0ee12a10bba1e40c4453068efd663c253c186bd882276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d7dedb61c949ff620f4e58e9d1ecf61c

SHA1
60e178aab8db3fbace38f6f861ca5039dc2242b9

SHA256
596b5d9d5eeae51dd54affd2fa490b442a7474225aaedb50db01103ec08dea49

SHA512
11830af621f6e27a98b3c145c1c84bb80711da92fca8e52c0bfef7df1c9144abb566cf305c42159c7563a79d4955b0a32e78030169a3f2248da19a09e9374f70

Download Submit