hxxps://cast[.]sklitright[.]com?A7FE4A170E0CB9FC6BD4DEE5076E61CB=H1xAXFNBX19aV1QNEQQwBw9cQ1tRQVdcXlNCVVVNX11cU1QJDB0LU1wEFl0DFgwPRlRDXlVZW1wIVV8NUkJfQw1ZFl8DF14KDlNCWEcXBw8FDxcAPh0LU1s%3d/&q=%s

Analysis

max time kernel
300s
max time network
300s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10/03/2025, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cast.sklitright.com?A7FE4A170E0CB9FC6BD4DEE5076E61CB=H1xAXFNBX19aV1QNEQQwBw9cQ1tRQVdcXlNCVVVNX11cU1QJDB0LU1wEFl0DFgwPRlRDXlVZW1wIVV8NUkJfQw1ZFl8DF14KDlNCWEcXBw8FDxcAPh0LU1s%3d/&q=%s

Score

5^/10

amazon google discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand AMAZON. 1 IoCs

phishing amazon

flow	pid	Process
29	1792	msedge.exe

Detected potential entity reuse from brand GOOGLE. 1 IoCs

phishing google

flow	pid	Process
29	1792	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
3720	msedge.exe
3720	msedge.exe
1504	identity_helper.exe
1504	identity_helper.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 812	3720	msedge.exe	81
PID 3720 wrote to memory of 812	3720	msedge.exe	81
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1220	3720	msedge.exe	82
PID 3720 wrote to memory of 1792	3720	msedge.exe	83
PID 3720 wrote to memory of 1792	3720	msedge.exe	83
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84
PID 3720 wrote to memory of 2276	3720	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cast.sklitright.com?A7FE4A170E0CB9FC6BD4DEE5076E61CB=H1xAXFNBX19aV1QNEQQwBw9cQ1tRQVdcXlNCVVVNX11cU1QJDB0LU1wEFl0DFgwPRlRDXlVZW1wIVV8NUkJfQw1ZFl8DF14KDlNCWEcXBw8FDxcAPh0LU1s%3d/&q=%s
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd595a46f8,0x7ffd595a4708,0x7ffd595a4718
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand AMAZON.
  - Detected potential entity reuse from brand GOOGLE.
  - Suspicious behavior: EnumeratesProcesses
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,13848582801370006903,13012018618761258405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56b88c052c247ffe0b476ec079b68d26

SHA1
f5c0ecc4db1d6d83c9b1211103923b5dcb422a00

SHA256
1a03ef362174c9a3f5863436aadb8f8430dd6639bfb6c3bbf57a9d8a502e12ed

SHA512
29f4f422a90dbf625d1b31a9f4a13fcc116fb489bc42d5cc2e504df89bc2d2ab4f9e63812232a30342b36d1bcde009605ff2f44521654c7e9d1e496bfb00efcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
b78b5c4671c26f1509dc6c7ff058398e

SHA1
cdd970d25e7e6a1810e728f4fb6ee35d1b5ae00b

SHA256
94ebe9c247ba14fd314a779358315f3e9dd2356c0e8070f42b208db2d5e21d6a

SHA512
4b07d6f4b9982a24ebcd2d1af65fd34899a8f3144481ad1dc7db7966e4ab9287032e87225359d0e75460dae4bfc2ca7a7434914d665b1cee66c4a559062ef14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
5ca5c9a6d508e39f9ef6fec8c4b4b260

SHA1
a7f39340c6a6883e71123f68ee2b19ce5b36c3ef

SHA256
d0ac889e7b4a21e4d08b5b6b483270d5201f8dc9e4e7452b066414978384ab1d

SHA512
1b2fcf1bc65c7b5e99609a20f63386e2b16eb6997cf2fe5c0607344021db1b9e29551960fe158699ae503631182415778606f7868b7aaad563dc887cd48474f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
012c6e55dd942296e06ac822605e1931

SHA1
5a5cc2eff557a41fbe8f80f19159a76b4313f2fe

SHA256
471f5a3144b3fd7b5239fc03b5c38ee3cbe7773c750068175e57d61bb411669e

SHA512
a0078e786d6d0b48cfee5968ee77bf74a7b43016d80338a52f27d64b7c724821d96ba7b14f3374fd654595739b63d57f456b08ec3d8ac4e84b054cdd044ac37a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
808bbc8c826f26cfaff5a01612b4e3f0

SHA1
23309c3bb3beac27cea6679b2daaebf2ee172f45

SHA256
60e8d8ab42b2e7956fa06e89cadafd0c8ff4b7026d2937fb6f478a25c7f20ad8

SHA512
3bd7682d0f84286717a0ac8ac2ec746ee439e0d7e4469f905a0a6b7690270b438c0252afbe3d36aa1d8a80932b4f255e4e3b9ab1ab5becc170d2558fedafe959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9026c3966521db10aef05a05f3148a72

SHA1
b6da01d1a7792578156a789e0bb870d2e5a6d3f4

SHA256
069b8b568887e5ca39df048190c0758eb4c4628fd8b95fe0615fb06988ba44a9

SHA512
69ac612aabba57f95585afb0778df536865ebd80531fee86a3153cd4fea3197096bf8b5d7df6b65b3781db4d485469d22b348a31bb35272cf4ccab906391e3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
263f3b2094d8c74fcc80ca62cb3a1ae9

SHA1
54de5215b9ce2c6abc2da0b821f441296b7845c7

SHA256
a0182a10d8a6cc789d5a9d85b772deddb6408c2dd5e5c00e98e79cedf1fb46e9

SHA512
42677abddc849ef15e778698a69a180c21321e8eb6d40f592fd09a77a64d5154ef53898084d34f7cc06360bc0aecbeb8cebc03ed4d11c40bcc74e148ff27c337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d2e40e7cea116ff4c1a385513dcf840

SHA1
92ea17a277e6e41b8a2948bc012ed079a1a8c4c1

SHA256
d7b6e810f540ad136439b71f03ad470ee7a5fe021086f0dda6d01396f6ea7373

SHA512
06423f3a26ab1ca8ad6df4153d88172de5a1d0559aeb6b64cdbeb87687ce68ab3087d78af38fcd650b90d1fcba7620ed9929a927ce5bea02994576dda99599f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fb81ea52a62570d09f651afe2e0902b

SHA1
8446e603941a1ed499d6a3d9b300dc5f702702dc

SHA256
54ae0c56e6ac2e4ddf9ca3e0b310ae8c6e0c6f89bb8bf7311cb1b819f418db15

SHA512
cf6596c372763acbf8003d5814298932c4b4a59320bc83888aa7df5e92ac222809966b00bdf93186f11e42affe3fbab6e31ce69302ad27291dad6c740c943198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f07aa0de19247e1432a310b5a9372fa8

SHA1
02d14440f8a32a0a4aaf7eb1626a4b7f6f8a3ee2

SHA256
e6bbcbdc73e47c0d682c4f496f7c17894b2f49f2c5686375fce4517a35914758

SHA512
7dcedbfbbff36d8984e6b4c78acf7c18dba3fb0d2c53cfeba124671be868a03fb7101f303699b25d409414aed6a418d5f63a212f95ae583f52ae6dcdc2b6ef3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
541c38e9fa026415e23998f4b6b90522

SHA1
8d8f98f6768a195dca0117117ea0292eb7d35857

SHA256
24f1d1211d7fc76c6ac8550fc63035e59cc7a5bb6c1d5768f4c520337e62a7aa

SHA512
fddc2cef41defd0102bdc3a5ddbd58819d34684034788f2b5e7c9b26db5f8b787359d5a38490baf734f7181c2e517b7243d54eef5130bb06593e3875abd3aad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
97e4ed91c706ddfbef2bf963433c6a52

SHA1
d9d9908845b3ff2144e49884e2486d60e3b6f1c9

SHA256
74e21f961898a152cf29c23e55240c7adabc5055583d5b570963c4350dba8996

SHA512
b300d0d493327268201360be6264e72b5fc5b4aef85eaf1ac1140f812a7dae671ac2a7abcb0380e850b0fd4b06a091f4a22975c16b84cff7e3224d1a8c2c5a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
68eb7a5cb9d352873472bf9ba3326ff1

SHA1
e3d6db1e3b556636371b3ab09ca64fa5db861f26

SHA256
af1d6e85995f5983784bc30032b888f5dbbf4fdf245684caa08c9a9b851968cf

SHA512
240e8b57ff794b8e2ccdcf19025436949e05341c2f81976ef4e54a6be369716f5b491b2d39b0bea08663da0115c85506afde0fc7b1ded856c970f3fb82b73b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ccb1.TMP

Filesize
372B

MD5
4fb90e9f48d2f57154c6ad35f58cf07f

SHA1
398497702730e0b08679571567a71e650dceba37

SHA256
b812ac0829e53547c7618a0fcbd3b6918c7fe680ae5813190188db6d9ad42847

SHA512
b76b77b6df46d40744e7b512db8d08f376fb40a648ee1b36aa40929270a5cedacdcb181f6d09fff8ec52e16c4aa8c47540f9acb3e5629a94ce183d6cd8312f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a804dca15f3bd68ebe81d6902ae80f67

SHA1
fdd4b32ed0ab8d47e8f67abca5ecbdb1f14eb75c

SHA256
5c2ac190918433c4c7adf2f6904483556e80003260d1d3eb957dd4434e82a218

SHA512
58baf1ef2c048e0b25880acb17afe7efa4db63b3df1ad1c57f8adaa84b232e4046f1f57f82917f3d9192273c3308ff6098f5d0837c3605584072af14d22a8a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15d33c6f1348daa9d7cdfc1fd4e452de

SHA1
48396a91b57c162552f947afd03762aba44b8fb3

SHA256
a94f96e3f37ecee79c914240d544f96ad23c64b7097b4e74fbfbd085e91c6f5d

SHA512
a226cd1c8704629e420343e5c7c5911ed7d5af60b45ac20033dea47e64f926607c1c9acc3514ec9096f018e8ea84797bb721a3e0e0825d3251b26b312fa66448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8ac917d04b92084eac86a2bf8a2293ab

SHA1
ce65a0e6d7c51f144bacdc395d13d3e2a414af16

SHA256
b8d89079320d0f76af87b3f7db1eb2b023c6dcab5773a55a54d4ab72d99acfc6

SHA512
503dca58dde0bc136b4689d1d167e71196338a238e94ecd8bfbd15024950d2fd392e67f8819bf16ebe04befe4d7e13ebac607675172d894ae05f3ac109ce0832

Download Submit