hxxp://xhamster[.]com

Analysis

max time kernel
1743s
max time network
1800s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
25/05/2024, 19:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://xhamster.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
1740	msedge.exe
1740	msedge.exe
1524	msedge.exe
1524	msedge.exe
3028	identity_helper.exe
3028	identity_helper.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 4948	1740	msedge.exe	80
PID 1740 wrote to memory of 4948	1740	msedge.exe	80
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 1164	1740	msedge.exe	81
PID 1740 wrote to memory of 4220	1740	msedge.exe	82
PID 1740 wrote to memory of 4220	1740	msedge.exe	82
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83
PID 1740 wrote to memory of 4764	1740	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://xhamster.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe30463cb8,0x7ffe30463cc8,0x7ffe30463cd8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,7189346419220884352,17582366597572540072,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
4e0aba8e8c7d3772171c6d8b79277a82

SHA1
d8d10d2a5296a1080f69db8273cb232d60afe2ef

SHA256
e7b77d72cab4b469a490a9c077a7cb958b9434384e9e9cc4d17e1c845b56fbd4

SHA512
7c17bdec319606b38999af10e7c672a8de3977bbfc3458b5b8f278ed5be14f7ee1a6a205455075051d692e549bf1d4c9f75a485f39f9fdecd7d603736b48ad91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1eec12f8cd29c7347bee07953c5093e3

SHA1
0971c66d341e67a089964fd186c0af39c17a032e

SHA256
a2c7bbb4d8faf9a5ea1b921c9014d369444d0a696b670e85a278b57a08b4b53c

SHA512
bbd74143dfed906633d4710ed1bed0a39e3d4ff9b93643b32752048c4305c0255725083f4f84f01e90412f3a879b4c2226ef60ce90cfd20694acd4c579a4aaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4cdf60b17276c18d9f3e44d24fec696f

SHA1
4df3402b27fde04cd81a557475d10bfd7efd40b2

SHA256
4f4de0878d3b2f81462472617d7077a4bd6fa07ffe0022be9d20c1e978fdbd87

SHA512
2cccc275ad7e3a71c5379b4df1f7e9d1a35461e94cebea612049fcd8ea3d9b4402053cbf739462adda14277b95da2beb670b2f5389d3810b8b6943b38e04a46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
054e246a0f862c1d22a799a44f3832aa

SHA1
6629dce227ea59d5c4518aa56af5744c3348568b

SHA256
302686db3a567ba93c491b6737c8035700a3614ac1e35ed3fbfeb1e5b2dee0ac

SHA512
d71fbab843b376bcaa3ad53d6fbfd83ae47fdecd0bceb185e58f0be26676b7951f423bf0c11192ebd9e3cb8283c5b7f5ecaa4357ef401c87d63a3bfe11606b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a550c5315c4b5edb2a3290e3158070215776a0ce\4e4fa5b9-20e6-47b9-a8e6-20a696f9fb95\index-dir\the-real-index

Filesize
120B

MD5
f4cfcbc40086b94202921294ea8aa940

SHA1
26096960e882398de51ad8a62aac07f27ea1c2c9

SHA256
53470952493afbf702db8b6d2102f49b79a6f7494c95906b16258b347201cfdb

SHA512
552c485e4a5a7d67374a949222cd8e7b69ce5ead2018078d0fa4ad6d6f599507698cb982bbab04d24cfe690503a799c3c1a0e94d9a67189a61f537d16614fe20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a550c5315c4b5edb2a3290e3158070215776a0ce\4e4fa5b9-20e6-47b9-a8e6-20a696f9fb95\index-dir\the-real-index~RFe57b508.TMP

Filesize
48B

MD5
af944a0f58df0c851892a6e7a9fe0d17

SHA1
c410a995fe48416c6e8e5b8484ec65093535eeb6

SHA256
356ef6e897f98caf9b03a20cfa1da261c732b0f8dc223888c743d4b7f0a69e92

SHA512
91aa9bfaa5bf65076e47fceebbdf63895a5795c143079eb1ca45b266a45e8caa289ecce3d6ec4f327df9004c203328c57966a0c7395538301eb377e5582b587d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a550c5315c4b5edb2a3290e3158070215776a0ce\index.txt

Filesize
101B

MD5
af17ce7c122d6bc9a278f72fe05d9d9a

SHA1
2ab9301786056b53ed751aef166c6f5a6f040e64

SHA256
8998fc71af50338841b3a2b5ca4bade9805be9e42b3e294112b71e4402475f72

SHA512
ae7050620097de90a79798d230470fd953b1188af69a200221311d691b704f7c129cbca52ec4679bb1a53b1352e65077ae7cc39f03dc9071b802bf62fe4f3f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a550c5315c4b5edb2a3290e3158070215776a0ce\index.txt

Filesize
96B

MD5
6ca99a19c4bc2e0cc1831f4295e41687

SHA1
0cbc43295d314cd820f442b4ef49224287e8d447

SHA256
2803ddb6b2204bc81fa3078b79ba1a33d7f54debc2fd02b72b31bf00b54d9fbf

SHA512
a5c31d077733613b841bc337a6e31af998723e885d4eda892645cc92f13a13696b75c03869203e6f051d1117de0648150b537e4ce844b0f1d62a03e03726b395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
10KB

MD5
a53c3019d9d7185ad607b9789617f7c5

SHA1
534fa652b7026928aeedf227632887f8c4d5c7c3

SHA256
c5b771c485e44235413be18fa6b7602c7a06217d8116c675e398b97ab2d9f13c

SHA512
160e4365ab6c4e3e746dde7f1b0ef445e5e4c21a453fb2368ac5f938b72ff3eaa526ae32698fe9c9d9df0a00715d133294c6c02c79d98f1af7fbaece89239291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
18KB

MD5
ac731394af8e464394444c8d18d4178c

SHA1
2d1e8fbaa5a875cdbf08458342a2557118eabf8a

SHA256
907657eb940c6e4b5661af69531a059531ba1ec970c136eb0639f060cd470f5d

SHA512
d98b882b3723f694b3030ee01d99fc737a11267217a3f93a229ef3ee4a65d36d92457ac0c241374c1ea2965a5e0de54b15d23c2d978618402aa885e0446605d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
641c9262f6c2cfe09ea4b20aa62feb7b

SHA1
3dbc26e018aa4e77f137de8fcc7a152699df2196

SHA256
f3cda7bbf5a16f5d1659fe12dfb50a630b125f3e3254d94aaa23019d30dc2f21

SHA512
8957bc5c3fcd4fc0b0be4c06409aab9a9d6f16deceec6aaf0808b4038e6d578f4bee3d08dc9eeead6be668353dbd44d434d506adeb55ed146500d5b2e4ea6530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b43c.TMP

Filesize
48B

MD5
998aa79ebc74d0f9e230102c09f00e51

SHA1
f71bc8ee12e55f790117a8dffed2963e3f6f24f8

SHA256
255655476b8004e8b41d8cd5a3306bb6fd7ba6e1aecdf7effcd096a35876b0d0

SHA512
cd480edefa27598a8f2c149e47726d0b9da4684aa92ab0b487f68704c78a08bfa8b7b03d975a3220be2c5fbe13b7b37dbe74cb377b2659a86a2be9c878caa0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
613d59281610262dbd309d610f3bffa1

SHA1
493d702476eafd9a26acb2271ded4e8453d627e2

SHA256
01c1d55bc0de2c30e9bdb564b601485b68ca3bb1ac612810faa69c26c60ffc5a

SHA512
f025b5864e502d43a0fbe6d092a4c6f4d9a568f7026bd66fd10e61e89ff16ae177bcc724863a538d9c43c324a54a7040a9484e0945c7d85c00bbcb066d27c967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b0ada122-ebfb-438a-9a6b-fcb65d533373.tmp

Filesize
11KB

MD5
9ea7100d23753d354a193f1980a7cfa8

SHA1
ff547beaf01005aa09a37ba7c4e468b1694e0ae7

SHA256
68360c5f8492acaaee0cb47deb23edea8a58b5bf3c92e0ef31d92897c451425d

SHA512
1e2ee76b3a204d7966843643d2304023dc63667b3d6e30dfadf2e14755f2a92ffe86a39c5141e666fc4ef8492e0a2ffea1f0b0bb7f0c09bf1bab35ef8dd513bf

Download Submit