hxxps://app[.]jotform[.]com/243241085645152

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.jotform.com/243241085645152

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
5088	msedge.exe
5088	msedge.exe
716	identity_helper.exe
716	identity_helper.exe
2220	msedge.exe
2220	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 3452	5088	msedge.exe	83
PID 5088 wrote to memory of 3452	5088	msedge.exe	83
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 2180	5088	msedge.exe	84
PID 5088 wrote to memory of 4940	5088	msedge.exe	85
PID 5088 wrote to memory of 4940	5088	msedge.exe	85
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86
PID 5088 wrote to memory of 2172	5088	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://app.jotform.com/243241085645152
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb0ca46f8,0x7ffcb0ca4708,0x7ffcb0ca4718
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5880 /prefetch:6
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7738929296869999052,15507514868468977457,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
3bac5fd0b2fa1741a561ab26ace48fb8

SHA1
6aecef26ae88153a712ed7fc37d6fed2f0e6d8a8

SHA256
3f47f29aa9f122031f7f73627fda5b29dd589029ee941b8c2bd74f846fd679ed

SHA512
b907cb6c270ee171310d1de3be098e79e428b4bf5eb1320aa1da0afe55482fc57f52d8b2a375ea6aff7f123fca5062d020119a32d2a2a90489a52f16de1641ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
78d29832cb098d048e7f995abf0cc7e4

SHA1
59e0fcbca3c6892eb4db12c12c95e8e1359829ce

SHA256
77173061c9a336aef813251102a3db7ef7960be8eeab254a100d09816e3ff618

SHA512
6c4c5f0e418a62ff9dca2378b3b064908ae9d2005349f15c722711c512407bf0ef1f168ee8a7bdbdaad6c0f5eac978e2ef9107c3398f125d29d4302458e1d2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
c70ba1bdb007f7fdeb60e91b6a3d7e80

SHA1
a3654b62a7cf8d9949c157dda3179900bc75c06a

SHA256
6c40eff6e19baa7200a9dfb3ed104949d9bc238a6c90abf99b46f8f45fc50c62

SHA512
02960409a2d1d8498c8c3256473bee167072ab8a342dec440f3d41674aa8b4f060be04e2c1ee0b78f808b6299bbe65afa03e443e6e30900ca0b614c26e221784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
327ae892032047f64e0c8dac8ba095b1

SHA1
42ae8e90b5a6f996ee475788c18b4ae5bfc1ce53

SHA256
e84b24a106ed8bf90b1b0665a7ad9247a180819cf115be9ad6dc73fddde96d82

SHA512
155c04ec90838388deca5be2008cbb36917367af07e215913276ea884a045481088e64ddb5c22d3a7a90fe693c3221ff70cfb4270ceba3f98aee29d152ee19a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
88a125ede27fe7626c6f79853615f07e

SHA1
63afd5cbe0d1272a8b890da3997bb1cc0fb3fa51

SHA256
0f0b28afb06d7a33a39fc65574fb59e005d9945fd74329eb9162d797286998f2

SHA512
36f564cfb7bb0c7098eb9ce842ab95d33f687dc861256f87367440e2c63fcafe44625bbb333ef33274584159cb31755c15405c554c5b9729f4ad801ecda2203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c5907363ab47d1d957c26e5734ed235f

SHA1
ec344b78478643c377958ac13a7409611798a143

SHA256
ff504e42578ea115a7cb198895fa20f77276ece11d70b86b01ae31d4a8603074

SHA512
02f0432c554a7b3a2fe20cade764d90e4dbc8125b5a01d04c0991b661b65962af11565bdb5ee4d8a730cfa30e8f462be77d1d9bc2f08c2243c6106f0837a45b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3429d4362cd0e8d26990aee8cae99dbd

SHA1
076f1bef26ceb6fd481dec278f21d8b79365909e

SHA256
09387b7def5ccac9bb9bf72eeed7ab7dede36cdd24c1ade6d65196671783c927

SHA512
dcb2352bb82e0c9ff1b6fd0f1349dd472f4eb3db1210ebd8866eb85838d83a51d0100e5528b54a742fc3879467c4b887f9b7e990119817162505d6f6bd5003ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b9393f5574ef69b79a8e395ee8014415

SHA1
18929b0816d89032d3d1dcffc30e4e50c0973411

SHA256
8257ebfdec2cd14c15f5fbfe70b7fc92de76526ac49da223e579d47aa3fb297a

SHA512
9c4d18914fa45d4130405f0fefb84c2921343f7406a023b1ec3a22585e023c0fe471b1d99401a770bf23541d15a1443dbe02c4d7e8931433bb8fdab6ee677841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cb9238df5cfff471b0d46ec81ddb0b792489e007\index.txt

Filesize
107B

MD5
c2aba5095f8aa521a497faefdedb3647

SHA1
10ebe8c6225598a2c41dc4ccce022ff2406ecc15

SHA256
6ca26ae3d1f8787f067eb901dd4b8a5b8e892522977c52005c72f575c2aba303

SHA512
a14c4947cf46401ef3937eea9aebdba7a73deda23614d6f3cecf415a0c8361a86dbc60457771cee16394099e160728bd8248713b15165c34e97ffa03a833b6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cb9238df5cfff471b0d46ec81ddb0b792489e007\index.txt

Filesize
100B

MD5
77e049adb7111eb292acc448f47bc907

SHA1
453ca422ed6fae750137569a687f8fd98bd98617

SHA256
054523bac0b8d4683bb05dbcae6b5b7f52cfc12765ec7eeb2a9c504f782e9867

SHA512
146901437df1c3e5ba80f053f8ec1c36e192ffa2fb73a06b88260db529224f5f8e168b9f166bae0f74872937285d7b0ad458dfa11d4157c8cfd416994738ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4536f406008df16c7854d33b350e2e9c

SHA1
eca049573c9f8d89318e72d052bb668721b3cfe5

SHA256
213b9c97a556d71aeef63a0e7b46117e4c76a8b557e84cb18d7ba6a10619ecd3

SHA512
3e3ba7247a23875f47758e90b775bc6b7f2d7aec050ec17bc59067fa447f6296917b09a7a7665d49abb84a1f7b84a292dd1a5dc2027abeef819bd6f6681bc4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d198.TMP

Filesize
48B

MD5
d94de8fa7a8bb98faa2ec941b04ef435

SHA1
bd5185542a9cfc33b05668f0cfba076ee0d06e11

SHA256
d16fac0ac36ed691af446baad4ea51a475a87687dbbb6ca10fac211fc832da03

SHA512
f8e47bf98d9a009cc63947116d59a688c817974037c147d1ad6c36ca4170cd71d4c9767983a11660abf0be51fc8a402a1c12263905b9e8658d6a8c1b707b58da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
3e56d88d72aef8c2f0aaca9db576254e

SHA1
87169bd67b0a62961d6e17333770253af53cdcdf

SHA256
ddcaad167ba1c982f7607e93e3ec6632de2a9a5544f762c6637fef81d5084c6f

SHA512
f907c67ed45b335f61a475b5d502013d125e21f4c15dc4fa268d2d3b105198f1eade979d52f6ff244fd8a7072e94f4fe3ce34041e16a432304521e4f9d1ce3cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
fc10101c5e233ae04f95328270938b0c

SHA1
9b26d0c5ca20ea8b46431e4ea3d4d17e98f62c05

SHA256
61556a078d69a5097b789b62201452ab1b9da878fea05e2e392f0f9e4f296a5a

SHA512
ac73da882dfabc74494f4526c063f83b40854d6917e60724e682ebc3a2ef7a969f5250d5a5b388f540151eb98092238c7dda44b4125bc3e6a1e5075a4c79b898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e57e.TMP

Filesize
371B

MD5
23f58b9cb7b4c1a8301befbe53765f16

SHA1
6d9e632af74205cf5736f294a8434ffadf22a95d

SHA256
617f4c7f8004574216ae17d82fcbc3a813f401d204509245ee70621f0d7926d9

SHA512
0b69d1f77ec1277da1c9e526c2183e3e153f1258c8ac1cc83dfdc29ad912af7f42e2fce68f740b3b2cdae4eb4bdac86538a521dbe145d287c5516a58456e43f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
573507b259e58412f6624dc01ee779bf

SHA1
84c4bd8c6bfefa5a62f6367ac7283457b8a0c3fd

SHA256
49e55cd197077a370d0a8f5eb67b76d102ca2f657b27addb25aa146a8fbc32b4

SHA512
a7aab9e214f4955297e52be03b5a50ad87a77136e6154c6e61e665996e718adb5f054c236ef02b523d8f79b4f524787b8724becb61e74d48b5112e0ef64b0cae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\22e33e88-689a-4549-8f4c-2c14c1fc3630.tmp

Filesize
174KB

MD5
c5f390423a62def4ec1e3bdb4c4bd257

SHA1
01c45198be9f43fc434e1243d8385e70302a7e28

SHA256
f661a1e8cfb12957c97e9a51f9988620e5e3b9f95d325bf775e7eb5f9aa9ebff

SHA512
c001add8f3315466df72d47d837b298a0ec30762c63d8b862f485b196c93f2fc7e51933eecb07a59dc3bc4bd80c4aa951f2ab4c5aea751a61027e563efea93d0

Download Submit