hxxps://store[.]epicgames[.]com/en-US/p/fortnite

Analysis

max time kernel
40s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 06:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://store.epicgames.com/en-US/p/fortnite

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 153682.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
860	msedge.exe
860	msedge.exe
3260	identity_helper.exe
3260	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 2392	860	msedge.exe	84
PID 860 wrote to memory of 2392	860	msedge.exe	84
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 2292	860	msedge.exe	85
PID 860 wrote to memory of 3444	860	msedge.exe	86
PID 860 wrote to memory of 3444	860	msedge.exe	86
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87
PID 860 wrote to memory of 1000	860	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.epicgames.com/en-US/p/fortnite
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa527746f8,0x7ffa52774708,0x7ffa52774718
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4188 /prefetch:8
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16330721579752656427,8869948961626190564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:6004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:756

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc 0x474
1⤵
PID:4984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96142ba45f7203a8c4d877b2d70588b6

SHA1
e1d1ac761b3c41ba0a3409d7bec68ca22ae1fac7

SHA256
dac3fb834fb077720a5a79f49add75e37c15bd07ac063b5516061ffc611c334b

SHA512
fe09d408370c5ddfa3264f870118fd2edb2e4184871a8029bb62a438be6da78a8e1f72d176149ce6a4963e9981136dc878aedb1e0c660833482a9850680a4beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b367ffa3cd6896506992c5bb8b91addf

SHA1
93c9bded12fd3a814e4a87d1ab6b102818a9996e

SHA256
a2e0b202caf41d3a5fbde3824043e423cc9ce0ec9653a9d1a2d23b04c1467b96

SHA512
44e2745fad967ce9b7a2be00b75d6617d441ebe2763d81a8c038d57906b1c94d6d57c930141331c39e032a284b59014646dd9054be213fd973e75a2269466a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
355KB

MD5
e4361bf6b9ecf947e06a468695c42f0b

SHA1
533f1b952b63abe4c9ecc48b16a4272132c5e09c

SHA256
1a639521125c66d2b62254a167f6ac35b4c16f7dd96a4d56d51bb409c0842e52

SHA512
604127e36d5b5b4450a25a4877c37173f27fac4b31048411c97be5435eb31aef8de13e676d690411ef0ab2b36fed866069e15a54539bf4c3d4af930530b021c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
275KB

MD5
d0aaef32029ef778f18a151436042b01

SHA1
17bfb13a8bd4b9f8a0d39683f628a3ee18955a21

SHA256
6d889d8e68fdc996dd17404cd6817190ce55d04b3d699382174cb5d7348c9809

SHA512
38bff7f90c0dccbb6875d977dd40744d61004ddddf67da54a490f175785ac1dd3e8f737966e933188f6e0bfad8a5b2053e0582ef3d9b387520f683c5f726e841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
d7b6e9b42dc82b01fd850cad0bd278de

SHA1
d5755d405755843ba31247037e1b70cfdfe6971e

SHA256
f7ec6ed4f01ef81d8ba982e426cef21fb4f5aea6c13ca060370e80bd4bb06f6f

SHA512
466131143859ff7ed64bd69933d22bc409332f6574419333bc0b9ad7843048df45730109f0a36518ac67b44d0792e202c8e26f16d2ec5d60d6f3339f756d1d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
07f60e6a260e55241e6c88f5e8c236a4

SHA1
a16ecb350a455ce4dd8ef24cff39a3902b7da670

SHA256
be088e2dcf47192a195a9334d0e0643f761feda5b23800cd5dd96d0ec52dc0f5

SHA512
9f2774494ebecb19910e5e2734c2619d55f382e8af459417544a22d7505d46024b20a54325ba4e346597e49f65984ec47f128b6b0e87312db1e03bd235268a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76aeb9d259445fca35bc39fa256bbed7

SHA1
dc316148a646028e2315d0f6166a5293af84b471

SHA256
2993e1e7d0f3bdb2a1938a1abd44fd6df360128c58b9459c818686ac6426b591

SHA512
429215d1ef99d64cffeb65954abadf3b0c24afd455e0d15309ca7162dc927ae9210eda75937ae6a43991dbe7e9b93e88022a57170095b2eba2ecff34b866509d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8def6e5be8f9dec3362ca926b4b3b54

SHA1
feeac58b0d39028ddc9fccdddfe12ca5dd784ac3

SHA256
e4feb1db3d9453102142ca82133612d83e62772a31255c5d323962ffb1d311ed

SHA512
357c5eb388e6efee8369b51d8ec4c99e9d0cff43363def928b72bca6ce6ece4b98411227f33f582ff7e4cf502650c7550617d5d70feef7ffbc56ec52d08c256e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
852d886f30a60b001ee9e16d15da655c

SHA1
713ae02473e2af931fb4455db3be07a00c734e97

SHA256
0c05a4e24bafde15c1c9cfa778ac25eb5552c22b1a589b7b473eebc752a6ca68

SHA512
09625a70076a264b7138dc14f2fe81b0e8ad6cc0ecb3cc4f5d5bd73eb58fab1e2528c5e3a3a40837740895a5a694b94b2fa174a8595960ef122823a4132d4f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\17e77c87-9b70-4a6f-9106-c52999bf63a2\index-dir\the-real-index

Filesize
1KB

MD5
9efde2ade072508fc246ed152a66feaf

SHA1
ec9b23d94777a8210e27b6d8bb22a025e6b94ed1

SHA256
76d51f1bf7a19fdd20f51b4d4828f65a58f76d7581bdce8111be07f8117c1785

SHA512
d52fe5ef405e162ef3a969a78d6e099d2b01ce5ebb4342a3e590d45f7ad7312c4a62b531e430ffe4c8aab1c37ad580a28b356849a94d64c27ba7f4074b5516e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\17e77c87-9b70-4a6f-9106-c52999bf63a2\index-dir\the-real-index~RFe581c1e.TMP

Filesize
48B

MD5
b9ed4a0222dcfe39d822604b6e6c47cf

SHA1
b7901a39306b99408f73b264d3b49a6fa9dab321

SHA256
2e222fb4723b6ff5822837ec5a883088ee7ca92e58fa184bffbaea50fc1b3a96

SHA512
20c0211027a57422c47a587c97f140739ae9cd604e2fa9e79c56c763ad9999fd7d03a3455d9d0970bdbc6de35867cc4ee0449aa5168a5bf120840e6adb4dd0de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt

Filesize
193B

MD5
724dcfe780dca8da60ed4c90a64febf8

SHA1
6075a4cbdf75c3e8f1e3cac6c8006146dec1176f

SHA256
24472a61f8c2408cdc4e43d869609309fdd59414385a82e2b3650be8c2f121e4

SHA512
a01e7ca9a4e7126ee45f61a33158fc05f445d65e3dd19a7cd858801422c08ec5896320ddafb50d11907e4e63663557c3cd03c7ee3e2a7a02996257115b8c19fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt

Filesize
189B

MD5
f4f0858a043258ea75e34aa1a92aa92b

SHA1
baadf7f96ab5949223bbc5e5f7d65f2044f8ea37

SHA256
c34061df1d9fd96add822076dcd51a406369b7ee2bf7237c216fa36bfb557ea3

SHA512
3ab6b0fb703c0766c9e1070ec9dd9dd798ad441ae68d575d7127a1b95015182a65c54cbf3908bc910eb313c2ba46297871b018f63fd6293b6007ef6bcb355d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt~RFe57bd83.TMP

Filesize
97B

MD5
6f919203a8dd8e4af7336bd435aa6f28

SHA1
0945c68efd8db0450a74f7592e8dfa8e3c90fc40

SHA256
059ecdffdee1647e21703c34e6c2c7ea45666997671db4a6da67320ca29cb039

SHA512
bf64d9b7649652a1de2ff929ef4635a822ad1e9cf9d9a682bc267ed3ab0eb3e9c9c47b5600fc81ee0412ac3d1714233c1ed3e1c3f5d2e8a3113dad07fcc7ccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
7adb9edf5c098540713a1dbb6b506e5d

SHA1
6c0166e869f13f9d6a35d70d367efa069d787994

SHA256
33be3c5b94603814c521a9f469d4b662fb2539d17e29a4deeb2945f504519a52

SHA512
f53937cff1b7a6837ba7852e9c1fbb4dc08d529bb577f7341e17fa64f2ee7a6623fed2f38c9df5c7f72c056c3bee64176da3515a8936ef9ffc09ad9fa89a64e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580ba3.TMP

Filesize
48B

MD5
9fa119e18ff36b41bfe9db94bd1b2cbd

SHA1
37b3ebe69e538c8c9cdec9d567468d94bbc9d493

SHA256
b795adc9fade7adef4bbe1c16a50fa751b6ba6f5a9afd37f3b565004c15c0592

SHA512
5eec6e2be9c295994ccfd73ce6dde93ff5d11cbe06870d91c283a91b8957e6d8c98e1ed3d6d26d9701f6f25711446c19e208b7fda60de08c76425d3d09be4366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5a8d110b7d7c59d05b1655f518fd7bbe

SHA1
ed25fa19f3fec6bea9a5ea4213b054a153e50b61

SHA256
711a5f7b8c308228362d6fa0e77f8cac56b46178cff46a35a1ba6609b24c7c11

SHA512
396eed077da646c29b5496745362f6f84ebc2d5f9f4567c86b52609c06afe43b92cbddd170a7e4e367201b23ced88a87becc55fdc5b23f7f1bea6358d5402588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
756a60f55e6111319322ef9bea169bc3

SHA1
34d19269bf2b8641477e0f8530fe4c0019afaa61

SHA256
a252a2b3a724ff5fbd2a7dd7534b9ffa105dd91690ece093ef788adc0a0be65b

SHA512
9ed5d5b2927d09e7fb61429e49b31f07f06444e4bf2f993d92495595d68603ed107a8deb8879600508ccf1164b91c096d672f8857379fbe60f588d033e096f07

Download Submit