hxxps://cq3nnx8n[.]r[.]us-east-2[.]awstrack[.]me/L0/https[:]%2F%2Fwww[.]datawatchsystems[.]com/1/010f0190a8a07521-cc327504-b9bd-424c-973d-273ae2f4f4bc-000000/qgguNMjcEGHLEA-6VPjl9fhSNnE=167

Resubmissions

12/07/2024, 23:14

240712-278b5axcke 1

12/07/2024, 22:45

240712-2pebbstepm 5

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 23:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cq3nnx8n.r.us-east-2.awstrack.me/L0/https:%2F%2Fwww.datawatchsystems.com/1/010f0190a8a07521-cc327504-b9bd-424c-973d-273ae2f4f4bc-000000/qgguNMjcEGHLEA-6VPjl9fhSNnE=167

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4500	identity_helper.exe
4500	identity_helper.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 216	4548	msedge.exe	83
PID 4548 wrote to memory of 216	4548	msedge.exe	83
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3616	4548	msedge.exe	85
PID 4548 wrote to memory of 3548	4548	msedge.exe	86
PID 4548 wrote to memory of 3548	4548	msedge.exe	86
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87
PID 4548 wrote to memory of 2996	4548	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cq3nnx8n.r.us-east-2.awstrack.me/L0/https:%2F%2Fwww.datawatchsystems.com/1/010f0190a8a07521-cc327504-b9bd-424c-973d-273ae2f4f4bc-000000/qgguNMjcEGHLEA-6VPjl9fhSNnE=167
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ff9923746f8,0x7ff992374708,0x7ff992374718
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16110406094571326550,6885073534024165525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
23KB

MD5
d7b939783fc4ca111444bdbf808e9dbd

SHA1
e20d3449a2f67a21adee3bc8f79994c7b5fd57df

SHA256
5da7c017cdffa2b4b9e4ad142cb0ab01c574740c94960e26526b904da4ac8d3e

SHA512
12e9cfa4e4488cd7bd4cd5d3321f4c83a4fe3c7d5885bb3ab7290d73c9828694ac7bb0e67b2bf90b19a521cf759829ac34f4fa2876024bfc086a375703eb7635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
50KB

MD5
b65d87517fde58ce7dcf8130698ccf01

SHA1
00c437773f30c51025e3ea6d3fdf4bea5c5954cc

SHA256
c127b9e1aaeb9588cf997ee975e4e1f31fb901a9ebdb1762623b7e2c7c6b6f32

SHA512
19486cb878e0b8c3f8bdbf9dafac90371bf0d15221fab2683d877d6681b4e0ac973db709aa9ab2bcfc873acb4486f9eda53655ee5fe8174dfcb9b0fe1bc8ff67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
47KB

MD5
8022856cf695b8e2b0d1152c58b87253

SHA1
059204afc0ae40aebdbb652ef6d08ac3df9e9a0c

SHA256
2cfc89d052c9928ec0459b4c2d2a53cb48a87441072a60d30c624c9d4a833ba6

SHA512
8015ca969f2e9941cfc9356ffa03083ce186d602f0c3bd188563676fb3a9d901584b33d22e7625eb620308f2d3d426e283861862abdd984bc0dafc4461a66998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
92KB

MD5
10ac5c1c01c04ea199f5c2630ea990e4

SHA1
1be932c29c9f033e1b7d4451c568c7b8bb985dcb

SHA256
cdd3d797154a8b91eddcdbbcc70c268c70caed163a50c59dc3de77a042245260

SHA512
88b1e63c24235189933d483bea2a82abfc8010d8b5717aaa9640b206655c7b76329f44aea55a2da41cebc6503f0e4d8f05e441f0ea3a5ecd81e028f913d9b316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
117KB

MD5
f62f84b3567500ba36381c4b4e8c490a

SHA1
b57e5074b76343a060965059933706f1f28db45a

SHA256
3f321d0ab3f72a75dd3c188f5de8a6e5e326d743f70a57e67569e0a4c734f2f2

SHA512
a15e0bd9cf6cdb31ae9566e4c6e0dd5746ece763ffd75c059f07724a35d85d2a1e8ac930cef35dd2415f5ea59c10875a26337ff9a5e21200c74e1cf89ee6863f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
32KB

MD5
ef9aad401519ab4853754cbb38323dd9

SHA1
2b10ee19a7f042732fb873c0d50bba375a328bfa

SHA256
d7befc6ee37def6e904df1ff616ef77f95a14a47b5390f25e3f57c3ec409f229

SHA512
3993aa5462e229f9ef66fbbe9f19ab964bee4a46dffee7d6611817ddea2d4b426b488831f60922b9f18157d3068ef804571a1350b4e20373362bf1b293cd942a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
88KB

MD5
0da74c4828bd13cd986004404ff706a4

SHA1
c9eaf89a4b3f51c595297c0ef56517170a33b536

SHA256
e546e6862104aec7bbd7e5a5b2487f3ae915fac5436f353f381f1c0811108bee

SHA512
baad56a3e57322d2f271b21c904862279226487600af30145ed2eeb48622ea7b4dfc173a535c3be150eaa3460b830992f1a354200218fef5c3fc1e10975e84d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
19KB

MD5
2478c5d95fc69496af5f97c1090cd77d

SHA1
40cb7a3213c8e9bbfbac6a35ce2f9dee212077d0

SHA256
272dd3a546af5a3682a6a52a84b2d4dd7aea3d04af9c71f2d45359b55c68004d

SHA512
51c53e193582b17148512aa0259e466f21152ded8348e1544324ee4edcadc73bb231022a41ce68a6082284af7337b184a2ac90f20f265664339e79f040ac396c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
89KB

MD5
254ef2ba05bec2837b5eae0b83c248a4

SHA1
85d49fc3f09ecb09bf850ce213b073fff762bcc0

SHA256
33539d3912f95485d9ca1ea7a0a4fb3e84e6588a7a26f1dd4796c945f4d60d6b

SHA512
d2bb734ebb1426477f5b2e8d42cb523cc4bc04d214beadc3302929ee301599b4d440d5808a570f4b49d3739eb32cc85531ef8ef846eabf5915cf2e17ba6acc30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
212B

MD5
e93a5eb1708a0bd6c8924733c1a5b5a1

SHA1
6853fd844d7372cac2896d549ea17b62f0bed3dc

SHA256
1836b7f729f3e932570022de9399cda6c1ff7246ccbcefa6eb6ed03f4ba25a12

SHA512
92442ba6040aed7de69271d08346494c06a26bc9c96eb629bb309772abe11108c4c925cc37fafc7c3f53916e4a44d171d955c3de832a988410c5107897d0ef49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
7KB

MD5
1e2d7f71ceacca4b53944704b36964a4

SHA1
96def5a39c37d9aea3293d632713ae47e4353b5e

SHA256
45a5efb4c46a7c2befbf571b321160f0545d85db0144fa64c185ebb2749ec016

SHA512
73aa4aa6ba3d26aa6ed3cff3cc7d37effc2e5c4094ed86be9d6dec86dcdfc2ec75d30af23091a0ae4c29f4b1cdeb32c41cfb300890d85150bde55eeb1ab9c40b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3873b0f721b60ccc_0

Filesize
233B

MD5
9901befd60c9aa4621b251f6ac693eed

SHA1
8fe6b79066d2280c201241ddf2dbb48dd0a3ec9c

SHA256
4669699553aad1f0049c286c8cc6b335bb6f9f3236926e2c6a89aa8ea04dac61

SHA512
8d08d8290319498a8ac2465f20a48e48eae3e919559951579cc622d4868fabb9aee2838ed6277546a41c0851dcd5e603dc91cd41c897b6a15fcd29f253c997c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f6c6180ca5cf03de_0

Filesize
233B

MD5
4c62f7e423db65957768ae4599536981

SHA1
e54a9d78fcbcc6dc216cb8673ca22a192870ee9a

SHA256
896333545d638fd655367e9d47b66ca9b228fe84e2974c0cb4aeab8020eebe72

SHA512
1cc4a90f282cb4e3d646bc480f80852d178890436eeeea3b03c5b5151f91f9066cf5a1c574873838e99813a2093d4c1a526e467de5d7ab033f3cd135b2779390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
04bf5cf0c1731e7f8d6ce7022d6957cd

SHA1
324a4b6ab4f2f56023bd5548cd553142c98355dd

SHA256
f5c375f29631c89ec9a64e1bc8d872537632987a7af2438a34263d6bff92fcd7

SHA512
a68d460b6ed7e8ceb895c89fbcd91929c326b712f6c80167c255d7c3269b7726531e05f0c6b3e9ab3a94f2cb7ffbc0f27875861299b2aa6cd882fd88b4149c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fd2689776b3008dde28448d9100db929

SHA1
ac516c231078fca53b976ac0891ca84f799d48bf

SHA256
53e19392a99c6136b1386668f0dd0704b7b74a833bfa61aa4ae847550600760e

SHA512
38ba94330fd3335dbf3656b5a1153291fd4b964caf0535f21f2889ef2b1750d9d52df61d5278e690824ae61ff46627f7e6236d21f956c70da49c4886bb92f17b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
421e589ece87bfc082b4108707cc29bb

SHA1
531b99ee21b6422824d2fb30fca07f657c7b84ae

SHA256
9fa1ffb95dcc9658d8b2b0d17334308a9ceae56ebd881d4bbd6d14fcd1477813

SHA512
577453ca43da31e2b52d26085be9cc3d1e8c580c48574d516759aeebbb5dc874ce27de85ce9a27cd9daa6ffb4b8d6760745db197300da89ace0ad60e0c57830f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8499627cdc0c10927d1b3ad7871eabf8

SHA1
5e6cfeefe5bffe6a359bb2d5f2a513b8049ea238

SHA256
4f7e877858eba56a425dc7ae64b6382b0b6e9a90dfde4feef1007561d7addab3

SHA512
13569310f7e393089b19a36945f59136bd913b93c77a2709083c799c7b707d2bc588f7a70a25781929218e75c5449f3dfd748e126c5096885541f8b33f4885b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
87d0fd758647afc85b625e3c095fba1d

SHA1
4ea032e0628910c133fac5c992b392a4e6ad2c1f

SHA256
dd201736e8773a24d75c9b2596932887d13f9c4f303857911db7ae437f8ed9c5

SHA512
07a635b76371f4e17231f76f8f065e4ac420582e0cee03c442739a238f299cb400f58bb2f68309aeea15e3d80b27069049310d915bdf67b4f0d876b921e3ee60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
033785aba8d48f47075fbd949c344d36

SHA1
9c328cb07282fe85f84bdd3f0a97654fb7c1f173

SHA256
117f1dae0d056145383e5f4b2c339a57dafbe84ef8b87cf6fc009ed32cfe41cb

SHA512
491d3d601276f59de366ae526d87acf5fdda64e3936973d3971d49b8b175455232d32e180835c3c6bf0b00021eae4194cfc86f1eca7879de90eac5f302539846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7f85006e8a560400a09fed200ddb636

SHA1
f5bd7cf0dfff6f89c4971429866dbe5f1c77c061

SHA256
a8e87511270874d15f6d245304d60b131f3a8159423a254797d6896cff66c9e8

SHA512
79b6e5a155a8c7f37abbdd718ecb5c1794c40d9d8c56e0bc6f828990614ba4f809cf2086fd251e412fbfa62de644f9701c163db48f8d978cc6d86fe60e68d397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580460.TMP

Filesize
1KB

MD5
1cd8818fcc94e9883e3872d22f52d90b

SHA1
ec0d7f34276155ae5e23d37262b9b1654d32eddb

SHA256
14a876044e5baf7f966e607d25d2442467c6d3e4c7ad1e3fa37c96a9ed7b3621

SHA512
f8012959d2b9c9fed4f73eafb3cfa43a5024e536e124dbbabe8fc0aad90164f34e2471cf0308c9ff9c1a356d8e32f4e50ea465d145066b13428c0f70199c0698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bed6bce58a5bc487d1ae9373d2aa6e42

SHA1
e22ac19ff3d847530a26a8de559b5f251d645734

SHA256
b9219148a897def5f019d20c109f274fc3d867268409c759fa96fca668419ea4

SHA512
2b01a08ee8847a9d54ea9ddea351ca859c47f2a7c6385f76450cee600399c3fa3246850658a70527d80a5742c0e094307dfcf02f6f7a12965dc0e954f38fd0f0

Download Submit