hxxps://besthappyastros[.]site

Analysis

max time kernel
22s
max time network
22s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20/08/2024, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://besthappyastros.site

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2796	msedge.exe
2796	msedge.exe
2840	msedge.exe
2840	msedge.exe
4920	msedge.exe
4920	msedge.exe
3940	identity_helper.exe
3940	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1584	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1584	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 3604	2840	msedge.exe	81
PID 2840 wrote to memory of 3604	2840	msedge.exe	81
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2352	2840	msedge.exe	82
PID 2840 wrote to memory of 2796	2840	msedge.exe	83
PID 2840 wrote to memory of 2796	2840	msedge.exe	83
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84
PID 2840 wrote to memory of 2412	2840	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://besthappyastros.site
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff919793cb8,0x7ff919793cc8,0x7ff919793cd8
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1690457943915955462,8226898389191801765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:876

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3babed06252fc1a5470894262a1c1c18

SHA1
1b91ecf3ab4a98da092308a1bef7e24bd66f90b4

SHA256
2e983cac2ae701701d083ec1c5fb223e697a85722bfdb0b11979314075081096

SHA512
99861232ac0c1f4e0ba62fc114f55b9635ebecc7380a5d9516d565825961b3c8315b24f11144c77e2fa60fa1cb1034145f6df08973c51efa55f25ff7b07990d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bcaf9eb36e5d3114978331bec65a37e

SHA1
93bdc77bdbbb524d94c76d690f1385b8ea62f5c1

SHA256
92205da0fab009219b121fe02ec33a106a24bf5942751eb36e042921da735850

SHA512
f5633899daebcc37d7bce8fe9c42805c34326054e14c1bcc17c869bcdb0cfa75a70ca320315043775c09e756aefb22a0336c0eb5bda43311253e8c4b743007cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3051fc1f-1e8a-4d5c-a48f-f32e37e7ae3d\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
9f3dc6695182b9080cc5f790bcc4578f

SHA1
75d16211b32f1765d7bc115530cc13bbb8043f38

SHA256
e20b4bfc6cdc2d742064fea1aaf7368f00c182f8318ad061bf963b45547f1af2

SHA512
5ba2cd385a1c4847134bb70b2f1d7e3622e3274833af20244b1fa8ca2d9fb6ec83646458da81f4ad6006d5ea5ecdb7c3d76da3770353109140f803870859a347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
ac06e5b6d13d420f585812ea44040d88

SHA1
c2c5e8fdd247fbbc7cbd69fda108405d9c8934b7

SHA256
97dca39e22b691b70703b2f5451b84b9a6c4defe8bca1b7f0acc9350e3d51b33

SHA512
804d2586ef71b487aaee5b31423c8954f7f1e81dbf18b2d9a5d669ff03680f9c4f2bdcb74d2c7b2182167953ecd0d2c5bccc7d87b33515a4ca8dc63e984ac705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
215B

MD5
e2d7562152d64be90796a006c6ac2ec9

SHA1
3ede3d772c55da0d05269b79e3b7df5211a379cd

SHA256
910b291416c6b4f644e18b2ee28c28bfc50e12e7ace41633239ceaaa15e9d256

SHA512
20be62d021f829b3b58c7c724a6142d319dd7b21b71e845557b3fd799f2ff5df1347c5782b2403bdc931e0dd9cf6cf8cfbeac3ae68d659417dd81082d6981f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
6966e946cab055cfdd216d128ffc38ad

SHA1
8ef434f68ea142266198dadb85b45e0ee911ea58

SHA256
7f35e4d75b253de846295c75fb0fa024c0ecb0ec25da3883e722f93ebb2c4e6c

SHA512
8246b8957b8972a322506f5de955bb557bfbfa444f0f9358161f33ebfc89d6aa15a5db9337d5c4c3d471708b983699f277f0852af625835581ff33281d516418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
a22c23d87a94041f33510db4f8b93172

SHA1
3ef7fdfbb91321385a9c8471fddf1c2b64412c62

SHA256
e83536428365aac95e2159180b1646c702454bd5c023601960f16b9ec7f632a2

SHA512
7730eaef8bb99b09d7576734a906f629b86b7c6b15e9ad22649419dc6f8944ab478f3989ce8ea563308cc33a745205194e550dca22247d51dca6a95511a9122f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
151B

MD5
777c6e1593de061e3763c51fa2305299

SHA1
91500bcba0452369ba398be7e0575cbc0b13c49a

SHA256
d699a8cea49d7b8f64c2f3688d60b552091e8cae046323830ceb419f4d045e44

SHA512
47f3e04f4a3d808381f3af448917a3cddbd5e1df9eea0c67021dd4a743243a3c98dc7dd810c64c831f5f0ae3afa10f089e155476f42f23d06ab684708c281948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
de345b8473885420331a9391affec7ae

SHA1
7588742397e4c9030b4eb1ff628383fbdae68847

SHA256
4dd7ff3c48b75cbd73cfa82a25010bf8121ff8a3d807fa7842da5181a408510a

SHA512
e10d2e3bd02213a214a41ed28b21158d95acb89af7ae1b4e9406853637e1c1cefbc06dbd32e43e06a0c2ece6599b5fd70e86cfc287426ea4be77184148293041

Download Submit