hxxps://123moviestv[.]net/

Analysis

max time kernel
129s
max time network
130s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://123moviestv.net/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4948	msedge.exe
4948	msedge.exe
2380	msedge.exe
2380	msedge.exe
1916	msedge.exe
1916	msedge.exe
1196	identity_helper.exe
1196	identity_helper.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 1148 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1148 AUDIODG.EXE

description	pid	process
Token: 33	1148	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1148	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2380 wrote to memory of 3120	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 3120	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1072	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 4948	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 4948	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe
PID 2380 wrote to memory of 1256	2380	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://123moviestv.net/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcfa333cb8,0x7ffcfa333cc8,0x7ffcfa333cd8
2⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
2⤵
PID:1072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
2⤵
PID:1256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:2204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
2⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
2⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
2⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
2⤵
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
2⤵
PID:2204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
2⤵
PID:236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
2⤵
PID:1928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
2⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
2⤵
PID:2000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6540 /prefetch:8
2⤵
PID:2184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,2747819061516496808,2578475357493572219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3024 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004F0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de47c3995ae35661b0c60c1f1d30f0ab

SHA1
6634569b803dc681dc068de3a3794053fa68c0ca

SHA256
4d063bb78bd4fa86cee3d393dd31a08cab05e3539d31ca9f0a294df754cd00c7

SHA512
852a9580564fd4c53a9982ddf36a5679dbdce55d445b979001b4d97d60a9a688e532821403322c88acc42f6b7fa9cc5e964a79cbe142a96cbe0f5612fe1d61cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
704d4cabea796e63d81497ab24b05379

SHA1
b4d01216a6985559bd4b6d193ed1ec0f93b15ff8

SHA256
3db2f8ac0fb3889fcf383209199e35ac8380cf1b78714fc5900df247ba324d26

SHA512
0f4803b7b7396a29d43d40f971701fd1af12d82f559dcfd25e0ca9cc8868a182acba7b28987142c1f003efd7dd22e474ac4c8f01fe73725b3618a7bf3e77801d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
45KB

MD5
f95a0faf6629fe55dba24478808491ac

SHA1
c91fbfa760c6642f522038a7e90b9445cf8c762f

SHA256
3401a6c618e31c817b75f603ff2ecfd83b8b75e4309aa09007cad5e98878f1f9

SHA512
06f2e5329db17deb104bd106cfc84ea2b321a4ddf64d6d4acf37462cc0d898530b3d913f2c48c7cc29063bb22430e9d12ebd6c9f8e32a2e980cd985a40923673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
24KB

MD5
1fc15b901524b92722f9ff863f892a2b

SHA1
cfd0a92d2c92614684524739630a35750c0103ec

SHA256
da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4

SHA512
5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a780f870dfbc52f0ffa591cf4b08ab2e

SHA1
e2e6fa18e94e5be94bf3fcc316daff98a994afb8

SHA256
48bf8e7647fd399fe9eab565ec85dd3d6fa831a342eb188a0e5a079d772629ce

SHA512
0f3210135dbc13cadf776ff1065330b8eccb79020f17e68c6b1af17800d23d76bd8cf8b2b90a38a9b634609e470d46a835e1a22b0747bdef405858499e8e0cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
4d05ef00adf378aac2578e67cf907921

SHA1
e446cddc2a4e178e9faa87503bc9b8fe3f7961dc

SHA256
7fc71da63711fa600e04a98d113a7103ed76617e760e5b969c66790efbcf0574

SHA512
3949214fcf4ecd9a1c25182121cf4a0d41cc7599779716ba1fc242bd4a06853342132419021c1a892fee1a80e3eadc86cb1af517e1801f235f5b606f45daed2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ef7e8f6e918f9bffcaeae2b4765ce572

SHA1
cb24a3281e5ab3394dee8352dc642866b1ed0c80

SHA256
2dd27b77a2c167061edce85cf4be954994aa3f34aa9b00ff671e335b86aeb6f0

SHA512
8ed1ea301b6a57fdf28d5928b74880a69b762d399daadba144e235c0462447ed91a92c85ecbfa3d49da61fc5bf508ffb1cdfa08d22a9b512080b625e3e8e0481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c6797fff5ebcd64c19c7de4c98407ab4

SHA1
24e2fd1d905f200ea28dd91005b610b37fe0f947

SHA256
922bd631140bd7c83cd41184d38f79af22d99c906a9cedde137ef167c055f770

SHA512
c7a5155f3bf6f669df8d8ee0ee3206b97e92c0f438d5f9aa7342b2c2e97a33357c72ef4c0fe5f9f290bce45056377da82982bf82b0ba7fd01d79aca0a9a3ee69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54a36dfaa6fd30c8b29995b9f8e345f1

SHA1
3c241fc45a1d8484299015f21ba283a224f2b357

SHA256
aa55f709f265de030306682583b990b54fee9abc9027000c08f607f90f510a50

SHA512
08616ba8a4c88d298ad2845cb1fddc8c012d5f06eb3f6ef9104b96fddba934e8e19314a7ecf3416620b31af5c531a2bedc7de89ff986f92d0cfbff4f86d383f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8c4c1ffd0c759ca209a8f6e32755938

SHA1
6eca60cf02874f8a796ad4679c4da036bdaed91c

SHA256
e9995198f515859418c1fdbea696727a7489f4042e8d27945065fa6a6c3b3b80

SHA512
dba048b6e35b63a7e0650bdfcdd3480ea00b24d931a1db35fc1db97674e0b57862c652e6b301c13fd1dc6a23c628847c33e325d5d0aabac260dc98f1c726fd45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4b77015497d393eb139cffb047f7a080

SHA1
d69edddf877081aabece141c4a860b6f8af25d8c

SHA256
c624ce3d25a0cb5397f3d0e5e12e6df939101e0a4226d4ab75b53f56a5170f86

SHA512
efe01264776f170a0c6609ce8150e1c1a055d0139eb55dc9233dbe9eb5e9415e80d0720a39e5c3469d3e5a1c5a8f874ee4a84ec9ea6bca8af91af76467b85911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
177660f671fa84fcfc1c0452b46334df

SHA1
6ca2e8062f5cc4948e913e09637a3b80df2a4c60

SHA256
175ed897e1e0606d5e58546240ed1ad5c1fbc7eacac4549a00bf7b8e414457e4

SHA512
f2401cd60d45db679e9824972443215d51d40aeb0c3b9f8bcdd951c3e69d1f0710c1b083cc7904cbbad0edbe2f6ab7f637e3e1c1a2824a9877a2d6fb1c898f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3332954118fa676627defe07d4eed487

SHA1
245ffc6584ff1233f6797dbeddd948c7d5f389f2

SHA256
7f69c23ce73e305ac1ae1d529ee154e984aa4e02a96486d3a3c695b5b51192d9

SHA512
4123093482069b58e7958a26893e40611255e82d349fc95026c7ebf5c487e9eece9e781f2662bf082ac22c7b073a08be80162b42582b83d3acfe5c20f549bc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584011.TMP

Filesize
1KB

MD5
a95e62718baf7b9a39369dba5e9d45f9

SHA1
43b4e4c7821d1ec46c1e3c8d88fba285313d5936

SHA256
5d17cac635ac0d4816964eaad1511b822eeeb6d5e46a325d962da466a2acc9a9

SHA512
da83dc26fe8fcc8072861e86052b03a519a255b9c895baa28b4e43487eff8c8b2a5389a382f201803a01eb9c306b0c387cbb08db7625a0b6c212cfc736452abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dba7293f-c22d-48e5-8fe9-10954ac057ad.tmp

Filesize
5KB

MD5
6c79d598d29a378f7404050d9e73c515

SHA1
5d13812b60e1a7f16e567619ba5e0908d8fb0a6c

SHA256
9f5dcdbb0c85c90e20a2d92f0f829d37f2847c325dad9906270db0366f8060a4

SHA512
7dde78f5ca98426b6dea97d7480428530f49fab1485c4151e55d78f2160465b6aae14761cd177afcd9f693ceb2d95befae43a1889f066985116b7e7d213884d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f7940f2ac8c7c68c0ae918070a9456f

SHA1
9ce7d811da23707bc63c048e3dca9d014b9c2433

SHA256
2132c9b56700a918ddba614192c73b9a7bd6437eb9b97297df3fd99ec2c02808

SHA512
d4c357f5339595d9ca1de88ebab9dbf76a6bdaad0d1d8e347e51fee565e9dfecc3d4d6a8aab3b56300794365ccb2e1a916e32b28f4fbb11068d30b54c7e8a842

Download Submit
\??\pipe\LOCAL\crashpad_2380_SHKJQMNPEWYIAOJN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit