34cb8412a90855e0915295202a66cdd71448988711257a424e78c364d9c62967

Resubmissions

06/03/2024, 20:41

240306-zgewsagh98 1

06/03/2024, 20:38

240306-zes1magh69 1

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

watch.html
Size

857KB
MD5

74a7f97b3b20c0e25e30376036dc0021
SHA1

2fcafd781089283d134e4e99c1f16308ce24b246
SHA256

34cb8412a90855e0915295202a66cdd71448988711257a424e78c364d9c62967
SHA512

f8e4a170b11264624094a79d7a70b4d848485532be835d8448a14c9084a2be6eeb79dba4cf9a37c3d52be3fd3b14cc6f98601ed26a971061e8b3e5ec0a0fece5
SSDEEP

12288:fiIOI+IBI2IpIlIGIiI8I7PyEngsxq7qXBchZ72a:fK2s2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2840	msedge.exe
2840	msedge.exe
5796	identity_helper.exe
5796	identity_helper.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 1176	2840	msedge.exe	89
PID 2840 wrote to memory of 1176	2840	msedge.exe	89
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 4936	2840	msedge.exe	90
PID 2840 wrote to memory of 2656	2840	msedge.exe	91
PID 2840 wrote to memory of 2656	2840	msedge.exe	91
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92
PID 2840 wrote to memory of 2712	2840	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd64b046f8,0x7ffd64b04708,0x7ffd64b04718
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16929368618585240384,1675305164771576156,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2e043d1fdb81cefc88277ef3ffc543fd

SHA1
44dd0b244f60085be4669d6177cb4e2aba41e7e1

SHA256
e60991ac36c6b2ac26c806d943ba96e497a35f60d7fb1ad0658f4328c419258d

SHA512
3df4581abe790e4b43a58f1d2d653977cd0828a15f4cbdc901db005f7fa9daac470b5f28df5d860c5682e5d734f23479b3ed2e7e25eb2ca0d28beed62433b908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eaf5e2bb0bb3549cbd243a2e3f8b8dd0

SHA1
98e19eafbe2af3a9150a8abd1c75200c73001b70

SHA256
683c726a153b7947f6dac61109e25e7c4a4ee70a752eb9eb9ff17d4aee9eef88

SHA512
24bf2988fc3f886c92f824e1edeea540af0287d6cd2c48a0e4f76e9e903f5ab45e826dc6af2f62a11756362a6c32547d0db98a25c346bf92d046f47b4d88c53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8ec10b60e00b35961885e462255f16a

SHA1
2cee47cdc8f1f92823ef38a8eefffdb23182baf3

SHA256
96b8749ad62f5b73a3bc5a803e57855e67bdc284d38698b639253d0aabe0a6f3

SHA512
a0a833cf9386d55cee9f2c449b8542d81c73dc7df7797808b228dfdc05a3dace34a03d548ee86f8bb207f1c8871629edfc58ea49772820f981c557259a08acf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\5f0fa4f1-377e-4aa7-b80d-b3c1f3b56873\index-dir\the-real-index

Filesize
1KB

MD5
d51b31cf30f3f62c3294cdc46f1d6827

SHA1
111567625c11367ac39ea8b6dd05ff2a9b9495e5

SHA256
883e04e89464afd6870d145c1d68c337da12c9ea1b7ddccf5fc00a177658d50f

SHA512
dc79d5f3aa5248b7e9911e725ea81af10ab546c45e4724249d1b8e377aa076fc4d51bd46f28287dd59c68c54a77ca5c0a263a4457ade4a1c2a637c90b33c1084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\5f0fa4f1-377e-4aa7-b80d-b3c1f3b56873\index-dir\the-real-index~RFe57e87b.TMP

Filesize
48B

MD5
835d899222bb0f542de274d419e6cc8e

SHA1
fa4bf18be81f7f8656d7b88c5b35d6e2b33187b3

SHA256
24f117b8a2c932db11665c56e0d5d2fddddd912906e41c785fa8d6dd383f0967

SHA512
f6e7b610187737f49a87c530ed0577f1c0d989740626f2a331116f95813d0bfa7013d68528267bd73e5fce7481727765d04bfe11367b6c803317b6cf0cae9112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
e2510c88182f4cf4abe223d6ae8d819d

SHA1
d5f7e5401b06b2a3c2ede06c3076d0dfa60d0a6e

SHA256
519c15e07afb3460a5b3888ccf968f46e4b12b0538d21a3119811ddf5dab9dd9

SHA512
73811a749451d69364c8838faa1240d389a3e8b0c5fafca785683a581720bbfbcdacbe6f311756f16749b41074195975dedc732c5988a77c7767f0553c66e831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
78346c15b7a00e04333d4c106ffc12fc

SHA1
5f6ff84971c9899b2ede1ac3c9ddb4b0ef2d3d2c

SHA256
ad07094c875052652b12512a74659f1e9aa43fe265d823d408ea66773927dc55

SHA512
0959487cc13be6e7a0797f4b6b9706330b3f5e7bd1421f299c325a268ee901dc40d3ae0f9adff2b6e1310a5f857f81e3b64b96fed3c5720588e88e6230885399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
4c6f52fff8cc8cd3e099b317d085d63d

SHA1
8308c4cf918f19e4d4123d7d705192d43678251a

SHA256
5c5b97052d44b68b167843e40cbcdb94c04e1c3c0368bdd51fec4e6b98589561

SHA512
70e3e36f8850b411926dc443d68fe813e7ba47a4deae92284989d45158d3e377e8483ac2f7f52f6aea1a418cef5ae6b12ae980e25fc97f9679718247d2d2de62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
dc959573ae7c211310fd9a216ae5b686

SHA1
8bfe6c9ca42a408a33fb01ba99652a4bf7b2cad2

SHA256
60040d268e333ca9966a8663c843f0859590608e4f33c50e70eb6d8c6af33e03

SHA512
2c24149c4462187b8eb40c50d874954b8af9969cb1849b51fc2b9b0b2b81a874bf0c27725c58b3ab9c85f1be81825e08d3a813ba81663a351682fdd2e447df90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f8b5aa63-348a-49d2-80a1-9027b9d24c70.tmp

Filesize
6KB

MD5
d6cda5e8b2000cbe2c579b6a9edf9446

SHA1
284c6508ee1c686ec74b4ba74adcd180976b6de6

SHA256
377f9f7b0315ab1c3e6410a9b414d22d60398a146cac2c5c553c6a37a43c8684

SHA512
06ae8ed45d523f9e76c8f2fb0682d1358b113dec9b413f5cdc44f3085e38ed114dd64008aaafd9ab1d4915e4c3afa14755b0bb5d8204b1b2cf5e6fb69831adc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5048a6476e3335a0ef59c1ce7d7a64b7

SHA1
4c1327fb6be17a595cb4633efc218bcca01a20c9

SHA256
e196bba0b29f0d7ab4453bc9741e02b641433e42fc2231854fccbc023bf1acf4

SHA512
f53764638f8d38b1dde0e339ad62ac72ddb7ee8a25a80167f3f628cbe577d5c400016757443fa55aa2033352ad341eccdd1a8d25ffcc38a5216f8e1b53e73ba1

Download Submit