d34362202085a4f6e88746640f1f3a240a90c97737e42e30ec3590fa66823881

Analysis

max time kernel
1680s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-10-2024 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

watch.html
Size

743KB
MD5

fb940ae33e3c1dfcee9e9f6e3e20952f
SHA1

43ba907fc21eeed1a8771b4b00582605dd93507e
SHA256

d34362202085a4f6e88746640f1f3a240a90c97737e42e30ec3590fa66823881
SHA512

d70364f06e56a5b63e5d525093e7bcc012f6e67e7ff5ab7f6c6c441ac60a053665a722b2e421c67eb46d8c69e66f27e0fa5fb95880f17e9a3f3a0a203f363a74
SSDEEP

6144:T+nKu7KunKucKuBKuMKuEKu+KuPKutKufP5i83DeM97+3zlFC667cYC29k2rLt/m:TWK4KyK1KqKJKdK5K8K0KOP+vcoHdPH

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
3416	msedge.exe
3416	msedge.exe
3836	msedge.exe
3836	msedge.exe
4020	identity_helper.exe
4020	identity_helper.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 4808	3416	msedge.exe	78
PID 3416 wrote to memory of 4808	3416	msedge.exe	78
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 4792	3416	msedge.exe	79
PID 3416 wrote to memory of 1376	3416	msedge.exe	80
PID 3416 wrote to memory of 1376	3416	msedge.exe	80
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81
PID 3416 wrote to memory of 2688	3416	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff84bef3cb8,0x7ff84bef3cc8,0x7ff84bef3cd8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,1831418944345659522,4167568901755646670,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2480 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
634735a1a788d54a454b760d06ae9c7a

SHA1
c405d2653080ef36a3bdbf6027f88a9a2acd9d94

SHA256
05691ef42e0ba62d596867297b8cf2bc2e2f2beea0727e23dbed68fb88ab58eb

SHA512
6a24e119bbbfe292672bf05c68076641204a32e9e111f7d4180d71bf929c1a6a9ba2b5c3a8e2462c11857c0a33f6e121a95c67ad4662d2ff64e02735b4b0b6bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b64fb181d29b9a7a0d97e99b5d09e2cb

SHA1
3cb4c6cd38b3aa89c4cce85ccb79eed030679a5d

SHA256
43295696a6f0cad848fa556aaeaf3bb24ad29d31c7ad01ea0ba20af1ec2040aa

SHA512
437eb749f46a07278624b629807b04a42dc4f9dc87a015d772aa6b664f3d3824fa010edb2e514fc20310a4aba7a1186ac58fdcef3fc1a9fc6d41a34066ce29dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76636e18391ed209db5f54b392a4d1d6

SHA1
b88ca63ab4f2fe0b3427b615ffa6418fec2b1754

SHA256
0193e70ca904dff8412e257560db4066c645caada60527045dc56e0175c13cab

SHA512
2f23d8b8d78ea532a7b515e442bc7b01b1f64ec9b053a6b5841772b330b0ad4b47fdfa8f5ce6fb8d9271404aecd46fc99cd2c7f0d7418a4875d61818880d36ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
30c25de4893c3bb870e65507103f6c00

SHA1
5f2f7c480d9b0af4bfad302577b291e7aff688d2

SHA256
5324311602cc9db9df32e24b3d3d847af0d930b5945e21e185784a69360fa111

SHA512
ef1eb4ffb13fdde395a4b27ef874651cb84981c01908c411b131632de7dd39e24ba647f390422dc61e7ea5fd5e60a8155efe666d3c8374f2b482d4ac138365d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adb0006cd9e9957975158155ac0a280c

SHA1
cfc262d890ba160c6610023e67398627b44c301f

SHA256
ddb991a3f77c9ce00d260672862207626769ea3eee54b7c8d5e6395180d1ff3a

SHA512
fa791a91a3bb06ea3b72060b6bd66e1b0c974efea4b89782e85f7bd6b885eda1fff90b2a476c939dca2961940db5bd8641e60975f2399c660c8ab923c5007687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\8befae67-5b1c-481d-bea3-8b17cd2533d0\index-dir\the-real-index

Filesize
1KB

MD5
18b067bdbaaab70890490326f4b735e7

SHA1
71ef3cc78c711afab137e7659516d7f7aa3ed950

SHA256
64cb03d25a5c03b8c70e82aa1e861203763deca2e0f8325fe9f594d6503c75d4

SHA512
4d826ce82f5e5c3c2d4e5031e0b2f0c50a34ed9a702ceb82e7bfa2f55fe4b7b14e855a51900b7f0f32e3763cb3b5b18ff37584a0fd99dd9372bc5375d867ee4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\8befae67-5b1c-481d-bea3-8b17cd2533d0\index-dir\the-real-index~RFe5921a7.TMP

Filesize
48B

MD5
778f38fbf6368e656587acb08603f844

SHA1
6793d217ba0ed0e826b1de8c1ce4d62b881f3b44

SHA256
213055f51aacdeb052bfb043c0289f5f0195f2e110f6c4e3bf221acd9e828b3f

SHA512
c44890af145bc852d5a207a6fc06a9712deeaf03e964dd2379bd7d7ab1fe63ccf28da658343c3d55f81e57ae05619b6e424e6e29a2933dc5f86c5e22a3045295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
a0fdc063aa258b14cbb20840252af955

SHA1
b67650393bb10b31f9dd7c0a3772a62e03ba0810

SHA256
d9a327248e4d30855781a4baba730d8216d2253301a412d6193613596b10ee42

SHA512
59f45dcd14bcef1d83618ec197b1edd8fc5053067ed823f09152e7e92e8995e6f8b698b8980c663738b9296e4a252d442269786094b71c7097694e7b318d09ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
e43fa1e55cd87c524738aeeec862bff6

SHA1
402c250e37ee34447d5eec584a6e8734874bce4e

SHA256
0227a38f637242295c9452556f9068522b362b41c40b26c76f5e66dcd2cc8c05

SHA512
8b5c6f20e8947857518c788e951a28a8239a155416b6904ddcaa5a92785f13ea8258ef44d2d06bad4eff2ebf56a5634cab617cb9b1cb949ba39db8253d0ca4f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
bbf32a251fa377d72d787d42448a19c3

SHA1
c7f3bdd9d6d411adccda3be3203672ffcad9d19e

SHA256
c27944600a975ee4d578d7f0c6f2f948bdee473e7bc46ff8f15a6f0b518f1022

SHA512
f190bc2f1c8059d6cb56e4a43f1bb3d54eda8ec3cda79c1ba376319201a4a651aea1e6a299e0b7055bef9b446b4578b7a194be5cae9f47ebf93236cb743837ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
acfea005d18147e6eda389c7195700ad

SHA1
5a7d3170f123607fe7cf2a131f21d47887fd01ec

SHA256
18b23a0136f3430f742467cf4f25eec005aac946af10ba95dd4da058580c067c

SHA512
6c16367ddb2346f78489f3a1f56bba85167cb49a2a4e8b747ce0bdec2c7f145f0eb316dd285887a47dbd26b9223aef96bcf94094bc966cc86c9ebc5186184be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
8e528f7108d853190432c59bb82c9c32

SHA1
907387e2e430122e3f74af7fd3c8d1372b0d2512

SHA256
58e29274a06ee1da5a7f47fbbe905a8aa82808fd7483dc83b243cf67136f5be0

SHA512
01d63c9cef1bc106b2ca5b463758008942b5f866749d3b4c686b82db3126dca6060406d7aa25621ae297d76fd3f9519b8bd4a90242a496ae1614c7ae99d48c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f4ea.TMP

Filesize
203B

MD5
310f32b508486945eb8f240717fd3fd2

SHA1
fd4602c004f54aae189a8b9b8d143dfb338f3b68

SHA256
8f7416643e59958bc261fa708ec7a73d21f3b2a738702e1345cb31ff6872ef3d

SHA512
07306f2d75a3294bd7a50fd7e35e44d11e0f93ec2d530009b10497e10765c0543681726bc623ec66ffcca372c002b2bc0dcc30d76a8def6063856247f4c65bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c90fa95cb83069eedecd47cc6b7680c1

SHA1
b87cb8cb3d184406295558a6ab49b819ff8f4b17

SHA256
9f1e257d81cbbe8999d21c8dac3bb7547506fcac74ead80660b74efd2dd0c3bc

SHA512
0d7a483142a3635120a0bd463dbf4dd67bf2d2e6b4acaf3306307874025e28f567930a14d1340394e727a5182998adf90c132d6af9606701e05ced8d89575ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1553e697c7c99c2e5aaf4b5ef95c558

SHA1
232589c8f66af7c61df6298aa5670c1ab9cab5f7

SHA256
4ff84c937582661952ebc69ee0af5cd3b531502de58d1ca41f4dd7b9e357ff8b

SHA512
3ce42d1baebb8206c3fd7c182df702eac61e60cd923340ae81ff6ace420503e876cabc3d710182cf63da6d2736d1575ea39f8691dca33bd0ba7418c05e7ef9a3

Download Submit