b580238f3a619d9b7c324ecbe24a74c8852a8cd41a2fa2d1a3f6ba95cbcc2d6a

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 11:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

watch.html
Size

811KB
MD5

0cf3f33dea499ba93059d7e2f1e5277e
SHA1

ce1eab31137d800ce54bbb84ab0d6491fd75060c
SHA256

b580238f3a619d9b7c324ecbe24a74c8852a8cd41a2fa2d1a3f6ba95cbcc2d6a
SHA512

af5fd6bb3b74755afd7447c4f3e964860b9f8c16ab53e38336d85b616de7973d50fa4899f64c67ea94ed1cf00694726cf1376fde7427190744655eb8581e2459
SSDEEP

12288:Hq8O8A8v8E8J818B868a8ePtgtXkaHEJh:Hq4XkaHk

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4608	msedge.exe
4608	msedge.exe
1700	identity_helper.exe
1700	identity_helper.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 3288	4608	msedge.exe	83
PID 4608 wrote to memory of 3288	4608	msedge.exe	83
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 3084	4608	msedge.exe	84
PID 4608 wrote to memory of 4988	4608	msedge.exe	85
PID 4608 wrote to memory of 4988	4608	msedge.exe	85
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86
PID 4608 wrote to memory of 2656	4608	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa159846f8,0x7ffa15984708,0x7ffa15984718
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4741531278779686143,10994660150855719418,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
757e91bafc9d317ea258e54328d17123

SHA1
537d0d89aac9a7e1e17f53b318ac6a8f93f88397

SHA256
401efb933ce3f0621140b0f91be49baabe8201e6a1bf03b8862e09b6643ffa5f

SHA512
86fc9b17bf7cce8d080556098d42ab2d6c4c6ccf1d1a26e197ee9ed50d43a41e6b477ed99ba492a505e06d7f6173125182c2768ec6176b817e0d49f9b3c3367a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
22e7228a85a8019acd047d577a2a8a51

SHA1
dd0c2bebce51277dde8b12d83c852535004a01c2

SHA256
b8b3f5f17a696a516cf23f7a88412befa292235054a81bae9ce4f28af3240e7d

SHA512
0a70b007db2c8a29803bd5eb726f501f96ffc6c59f801b54a380ae6ff4bcf1a138f5952af1815dbe5749a2617a2723810b733cfb714c747f7293127bb844a59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
365b74c27114da22921680b34630c6c6

SHA1
b39e061227d671bb0f48d324ff2a4842ce6d69fe

SHA256
537dbe1babf5b9118631d124324bca2e2c3eb579d4130984c162ac8a70a5cf38

SHA512
dab395f5df37f84bb66984f528f1ef84b66d529cd72d85f278c8cea46035842d36b40e2b07676667704fe043349d1ee4035976874bda88d52aa34930b2fb0206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2a23a1fcecb970f1bd072dc06153478

SHA1
42ac9d8f0fa9941e6371ab358fa0d917f88e22a5

SHA256
2eb19c6e64916199eb4a41b54970fbbe0c91c1ea4cb5177a0b97cb109a12515a

SHA512
60b75c9fa456d5d1cb662ce2f64b3d61a5b08e15bf4c9fe3489e5a1aa6b48ef16ead08e04b3c5a8fff2da27b3e314cd6dc94c0cbcbeca450af9ff4f62fac5a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31f52ea0f1905d3a287cc3c08d0015c5

SHA1
73d56f6d2fd3b7c0a252f1fcce39119ee66702c7

SHA256
955e52363ac458eb055fed513b188244d8a42f00c9f285478aa66dcbc4e6870f

SHA512
33889d1099a7b58b7323173d3a25a01033bc14c9c48ea46e60cbdf2dd232ee74fafb6d12b9fb30c8adcd2d0c83337596a78f29512d17a4c25398b47fe5884923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\264d330c-90d7-42c4-9151-03b826c0c708\index-dir\the-real-index

Filesize
2KB

MD5
cd00b467f438d04d974d440c9725e4b0

SHA1
1856298728777c11b694ead17aef0a8176546459

SHA256
70919e5ca741f2da00d69d50725e81a03587a21f2fbf4581edb2da183aedca85

SHA512
f06441eb80bde27d6cb73b43ebf84e4b00797959256836fb7e1805edf9a6c40b89c35c4b8bb7412d3863c48e8b05188b3fc071153484c92b4be3ea37af0deee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\264d330c-90d7-42c4-9151-03b826c0c708\index-dir\the-real-index~RFe5860b9.TMP

Filesize
48B

MD5
85bf59115aaa6af54020a322730d286c

SHA1
511987bf3ff47cee6661b1e005be7af942a57f9e

SHA256
20f2aad3fa91b16d5b3e3004d1fdaf413c8e014402e5c97e8d25fc1509416e7a

SHA512
53cf48a5b79d390ed9d13b05fb89d5611e59d7c0c777dd7211def92632f136992f75451ffae80aaad07930f4f1850176ea35f6f896cc17120368fef9961e119b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
0317183571e74ecaf4e39827c0b5cae3

SHA1
70933794d691f07a1585eb68283daac22a87630b

SHA256
9f9dcdba03fc3e3f413b1bcf84de3bb755b3dccda1a856e2eeef74ea22c6a9ee

SHA512
e3a12b2373bfc06ef8d510e810391144b8bafe0ab2848e66586bf58ea907350f944e2680220d17df4f52b52e08f7b80214088ad8cc7542e3ea5e153de781493c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
91996c96ab206c8ad8554fa2a358de60

SHA1
c793fcf6080d950bd5a1c0ebe143d2e018790e2b

SHA256
49067e660c9ab00b0e6a32984ff69df6bb0a4cd306a86bc0b36c458c5c9b574a

SHA512
443c974f2e724daa47a18eae8d4e1d4acf03fdea3bf03c4a19537d185d4a5387110ceec6473053cf80edfdac770e7024c5c951f75f9973ffb24402abd7c9dd49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
b96e3548e419ac383169ace157c1827f

SHA1
22a611b67693533cc6c3c61da1b65d9e31d8b781

SHA256
4349c1a5676a1ca85b20e14046c17f4e8b93a078dd14a9313c83e8097270b84d

SHA512
1956187aa4edd6a2eccc5a4dedb809d8ffa20f3081910bad8c5bdb4fa47d32da5132d96329af1786858f115b036c2cec0ae9d57fee50cb47d92a0585a7ca6415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
aeb10d906c90e00865f8df7e34170ddf

SHA1
eb629a3c154ced5246429a654e93f65dbaa16866

SHA256
af483a11513faf5d151c990bbab484cba91a986e82d8162971a72ec700d72064

SHA512
3dea4b908b7b306cd1fc0b8caa9ae6f71ca02311d97807c60b72cbc3cd99d4db08f08944dc519dde55896cb894d81a9efd6177e961ee1d9986ded6001b1cf05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
975b31e7d4d6b26b5b3ffb952a405475

SHA1
46d63652ae7c20a836912bbc5fc997d4579fc449

SHA256
099e11b71b1e407fe262d970ed4be6bb0333447df69a4eda429d2f466b54caab

SHA512
965742a20bc54100d26b497da9c579729905741108de2c3ffc7d2c1cc17c6071bdb4a361cf028952004094851b91fe28d6c257f8e5829ad9b25575453b02c47d

Download Submit