9ef3604a3ac4cd3f25794c6578938dcbe54ce1df7e5aa780c6695865d636e2dc

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

watch.html
Size

849KB
MD5

a515415ea58d351c022a45e4041fbaa3
SHA1

59a01c20ed7fd08fb4b10c9df7b089f28362fb2c
SHA256

9ef3604a3ac4cd3f25794c6578938dcbe54ce1df7e5aa780c6695865d636e2dc
SHA512

c364fcd9e29e344ba62cca3bed02b856e4c58d99828e6c4aae748deb2549ff9727caac3bf7f3fb8e446af92ab627dfea86840c5dd179e495822086370e9a5f75
SSDEEP

12288:ZWcUcic7cycnctcZcKc0c+2guqrqNlUK331T:ZW2g6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4328	msedge.exe
4328	msedge.exe
3944	msedge.exe
3944	msedge.exe
5704	identity_helper.exe
5704	identity_helper.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
656
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3944 msedge.exe
3944 msedge.exe
3944 msedge.exe
3944 msedge.exe
3944 msedge.exe
3944 msedge.exe
3944 msedge.exe

pid
4
4
4
4
4
656

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3944 wrote to memory of 3524	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 3524	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4036	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4328	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 4328	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe
PID 3944 wrote to memory of 532	3944	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff956e046f8,0x7ff956e04708,0x7ff956e04718
2⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
2⤵
PID:532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
2⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
2⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
2⤵
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
2⤵
PID:1348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17981335062764314895,17018387837841830442,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:880

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
64836d9ed0fa36504e81806dfddba79d

SHA1
ce09ebf37aebaf90664fcf7f20d9361c7473a372

SHA256
ca4ff89e62d8fa19b959aee20a3eb90a032317329e392dc4e455dc7720651cb3

SHA512
99debdc52571e358b1da6c4086d085f818d5a27b8cddecf68aeff0aa4600d9952277d4578c5d411d4cc4024c54704f5f4583d2b8d2146aef00c031b1ebad412e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f89eacc173016441580a1298f148d46e

SHA1
7e27c79728f54be41984235f7bfdd8a0bdcd3a54

SHA256
68bc2993e25bb9f44bdd514acb1ad122806ffba33f21730a201ccc347f496625

SHA512
8c966c08f3decb560b58816dcc8115f927eb58b96e3acfc2b7cc512654479fda45a3de77f9d4639713c8bbce65f202696613bdc66bb33444e9b5451f6cd7481b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
58106dd6bc40810a8c9267a463b3c928

SHA1
6b4a9eacbf0bab8eae0216b0f1dabd8eef295a23

SHA256
e6c0a5d47637ef4089a37f1cd8dcf6de7cf114006c0936a66944122efb1c42fa

SHA512
ba419ffdb5e6e607a44a607f0be044a46ad540a726016566ccd49517fd68f9fd3a46194cf1a37dde8523035ec55969d65d53a3c6a0d83291dfd2beeeb753435d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
736273125b6397444dd62801abbeee0d

SHA1
ce0c138f2e5a5cead85cf4eb56a9275171c43f33

SHA256
29a02381820bc1f7a66a65cba937bb9a7bf7b6a993199342e87fb5804665d6c7

SHA512
3bccfb658353094e7ba2ce7aa58ac85187d008bd52eb44347c0358629ea70576d71ef8bc944df15655ab034b8a8e6126fe36152a49c3d258eba30a5b0af39931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
89895ffc3fef7f2fda08333ce1a4da1c

SHA1
6cfeb9215daedbea90108ec434044464ed7b455c

SHA256
91d2a0b996af5555208896065be3a59182ebd0ea1f9bcc4d48894a3a5fc5e255

SHA512
379ef540032319e5657a1926fa90e520a4102b9775620ba622f0d4ca4460826f3ffc1a23e89daf326d79447aa354f0beafc1adf5bd0c09c94f1f8ee76cda2ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
df6c879c68a2e9b980fd378ad575d3fe

SHA1
5c15f7f8cfec9683f585bc1b1643731e66da7f38

SHA256
0d70a02fe9a16dc6f7069ccac8134562265d15806ec25870a3bfce57ffa006f0

SHA512
0f06e7d6955ab7ee2dd1ead3487b8e015798821afa884412e0e3ad8ebabb7202b4ffb7b5fa31ac8e3c1963afb846bbfc04e6f834162f74580043ea93e045b83d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
5e5f9bd32aae6854212a031b6e300523

SHA1
cc8669258e1434751286afd57da411a05c9998db

SHA256
25750dcc8a27581ee9b900318146ab470cc1b7c57fb483eba9133cf44de6414d

SHA512
c32061bf863417242b480540c28fcda97cca5cc0d16d72d2d1523a35a087a7479d74ef9f871ae0e328c378af07e58eb1a6d17aa3cd1c41d426a61bb6a02b27a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\7fe99c3d-7e5b-4dc2-9918-13ee59b353d3\index-dir\the-real-index
Filesize
1KB

MD5
6f03df328ecaa5ef7ae68596aede05a4

SHA1
14ea2eccea6e408507d14414e5a6bdda51fa2a0f

SHA256
a889657a7c02a45daf0c6a8f03772192f92bb9a24cf2cbea204f5ef022172ca7

SHA512
ba1b1b35fcfa4c2b9986dcb1bb94d39db2e87d2c94f3483fde0f0c62571aba42e768f501fa0ea3d60e7d9b6b96c92bb2aea62c94f673d835a409f53ad95aab77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\7fe99c3d-7e5b-4dc2-9918-13ee59b353d3\index-dir\the-real-index~RFe5883b2.TMP
Filesize
48B

MD5
f388223fa3b9747938093f05d6f771a7

SHA1
e4616a9dec102cd9fc8a641e3d918c17752135d7

SHA256
c467024596786acd79980a6bcb346557ff0925252a4f5210f214c07e3dd243e1

SHA512
4f105daa593079191dc92ec0764b9be2c35c3fc808308bff485948d74612b8054f23d88b5987ba22633a0250ff4bc6976e1665cbfc00d8a398a64bf4ac852a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
Filesize
73B

MD5
882316ac3354ada8c549af8437ea24ed

SHA1
b9023eced11dce45b018152ec09c428e5a63af7e

SHA256
2f47283dcaaee17d2da04c22a01b41452206f054e7845d962baa9efa4365fdae

SHA512
f1522d8d7e6c767b1b2505625492cbdbac1aa2cb1150d8d972e61b7be1a4aac2fb9ceb867204ebcf3e0d4328ef96f402ac05d1431f76ee89a7548b223fd32e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
Filesize
130B

MD5
45158d112b270d428fcd44ac9ee24e85

SHA1
5a7e9462483ff34d37756ede9a0b5c4f7d6136b4

SHA256
afcbf22b5c3dfa7a700257a7741904ff00a8b7362f3cf8b49f0a7ca3eccc7b88

SHA512
f5ccc78992a2d3d7ff16c71d081698618fb200c8295ac63026831ce4c24f2ea247ddab7711c8a9603929b6d730c6dc620f98f6241400b620f2478b9c9d88e48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
Filesize
66B

MD5
473f9ad9954a768588001a3e2a2de856

SHA1
ddb24b213b92b71a0bceca1f197124c400ce56a7

SHA256
a28076a5037915cf0678cbe2602668d47973cc745be6850cbf8381652849e4f1

SHA512
ad83bc1d4682b2b899578c4dd49bd39fa7920a1182a72e77a374994b78be13d0420ad06cc8002e17fef8cac6d90c18decd7d58aef43d5d80622eee6c8108ed97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
Filesize
68B

MD5
65e157badf3621f8c66aaec82b355f77

SHA1
a5e104f5dfd052c7e5be1072cba2cd3d6e4cd4f1

SHA256
b4d9e223f8173f4111ec480d033046414e8b90168a190d498931c223e048e755

SHA512
1ef1f306ec622d5ff93457050916e59378fea4fc90d21a45c55ff703b7efc34094329378f3244e644a0fbe49d939ddb98369dcca5e6e7e3c4be657bfa6dbc155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ac905b03-c28e-4d4f-bfa6-f448bb8a86dc.tmp
Filesize
5KB

MD5
181b09107662368414a2e0fb722735e6

SHA1
f27d207824ae321b750a1330d517d414b737b2ea

SHA256
33b4da146724661fc2373c584f8879afab5f7c5b57a90c553be6dfec512b41e8

SHA512
d2a286b27f5bdc19d69f1350333636a52ca5346021027a2bd25fd2382a4379a4b8f5f028bb20e954d118b88d4066c07953053213db2842a0ec03799ff58736e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ad19204efda46d16a64e503865ea3a3b

SHA1
39c36725daf215d20f46a446a90793d8629de4dd

SHA256
56c030cf5d49ab18c97d555198d4c769ca4fba3b55b790eba326f624ddd7108b

SHA512
3ee53270a5ae1d38a1c7bc2545e7fe93d69c97377b0d38f8e05f85f0645f6ea52ec6b314f5a78e874d152178065524ec90e99b327fcb827e8dca666fbe33f034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
52111eb549d23950ca664830ddfccf42

SHA1
ee59df700de5eeaf37079ede04458b7c7c6286c2

SHA256
f2ee7efc71f15eb40bb9984fdfb0833d828f3fa8b3d09ef392348ab0e482d637

SHA512
c9f8341a37815b8375f1492e985209b0ba707fb3d891c1ae9b2acffaa5a13a5e1e46481ca8505a2ebc7b6a06d4a4fef9ca2aef9df9a112e2bfe53c1093b52d10

Download Submit
\??\pipe\LOCAL\crashpad_3944_PMFTDUMWBQEOKSHS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit