hxxp://123moviesh[.]biz

Resubmissions

23/01/2025, 14:30

250123-rt67sstqar 4

17/01/2025, 14:00

250117-ra484azrcy 10

09/01/2025, 14:36

250109-rywlvsskfz 7

Analysis

max time kernel
66s
max time network
66s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09/01/2025, 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://123moviesh.biz

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
2972	msedge.exe
2972	msedge.exe
72	identity_helper.exe
72	identity_helper.exe
2264	msedge.exe
2264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 3356	2972	msedge.exe	77
PID 2972 wrote to memory of 3356	2972	msedge.exe	77
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 1180	2972	msedge.exe	78
PID 2972 wrote to memory of 864	2972	msedge.exe	79
PID 2972 wrote to memory of 864	2972	msedge.exe	79
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80
PID 2972 wrote to memory of 1820	2972	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://123moviesh.biz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb516d3cb8,0x7ffb516d3cc8,0x7ffb516d3cd8
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3924894983261297695,15559018932308933422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
29d1c414f2be923a699696c424c34a87

SHA1
d725001f9efe8f6082dd00e3e821afc188ddc8ba

SHA256
10a06d40aa8eac83d7f671bfd7f223d539a5f48bfcc25dcbfcc567f0289d12a0

SHA512
0eba907a4752b668815f89a7e45b212fbb3b9c985038fe360f71c59e0c61cf7d6657f85edbcb870d61b7410341ecdc0be4bf81db914dc082c78867c44f847b16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
f0476f6d57b22ab17a7c5ff779dd4b15

SHA1
9d90dcfc40bbe8d1a51acdff9523c67901ee7202

SHA256
8cd9aac6d4841ee565460f93c9fb963201a65d1fe8feddf33c9f6a829d474661

SHA512
be5ef84fd92cdfebe41123a9abff616d82bdcb76af5783be0c9b595e83ed71683e5cb05d1b51ba58fc6bab749b0426796f7be646e20a74e36021544ed7edcc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eb36c975e2892725ffd150b0a98c6aaa

SHA1
fd01b499ca6b45ea66f3b149616f685d41b7ee53

SHA256
0910a330862b50f164dacad862f00659cf588765dd813df3ce12da118326041e

SHA512
4fec04d7b865cdd5b0b1f78cfd9c4a739ad71ebc28297cde0a5ae4bd67db7b97a67b9277e16a362f6b84b85c2e3f69d1a97b9f03ca07c5504a762ea371efa5f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0df501954247e13f9a487ba27eb6d27d

SHA1
ba7d0675c6b8d146d69d07c25be10ef171909002

SHA256
d0f0863d175eaab417dc90e133a77b5f034e1d24863305f3c0b17460b61ff397

SHA512
ed577742c35fc4d67fc49167c5de577d07f5a0c7d014a8b8d03ff05e0f108c5a364fcbe47f07afe54bbe2ad9a8b6cd1a9063dd40a0b93c496c54155b4b91e31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d904ca250e16c5f38ad63c21a07655b7

SHA1
c2e593a1ea32fdce729e57dce9e2e53c5d5575e4

SHA256
512bc3a2b89b79cccf29bcb2b1973c2752075055e4a5cf41d974e8665a15b085

SHA512
7ac3f2f2af8ccaceafb91c701a8ebc351485756ee0aab6691baf9556d0ceaf0696d030b2274b3dbd83e79529f7710013073beaf788f53143a81dbeb2765e5a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f659bc058b68b4b978431462f2a6daae

SHA1
88e362df4629cf161b4600814c8f940d5ca129e7

SHA256
cc6a09e577b2b6cba6bcd889c3520dab9f5967de4234f42da9c01cf495f75362

SHA512
bada6ae4dfb4e5a0d0947e1f468066d4b78c5405bdf9b08f1af2ab67977488a0563078316936ca00393d4337fcc1d6615dd52cc74b63f08df51f099cfe019c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
ad62974a0895ba76444a0d046f59c3c4

SHA1
f2555d536cbe100687412f811a107c833b01a15b

SHA256
592eb725ad30ccc596ededf7d0ce3e4ebb8fbd60d30498cf47c18cab90526ee8

SHA512
1f41a4c495c8135bd9c722580be0d59ead4592d230e9711bc0ec0a84edf99cf6c319010813b36bfa37c8b067a7d83bbfae84da50d1851df62de74b0027cdf8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5828c1.TMP

Filesize
48B

MD5
fe7a021dbe547128d1c197323f599cae

SHA1
2a3759f1fbc25dad485610a9b1f2630ee71ba973

SHA256
d0bcc099e5ebb54b548f2ab78cd8765fdc327368a558da912f8de5fa18dd1718

SHA512
98982aad853318655b8135fe69215758a0a707b0cb85a47cc22148f88d90c2ce54381b623e3aeae0c08e0b0709b3685cb8b63f0d3490ee0510136ff65e725ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83aa72a9554bbf1968fa0f2e59f590be

SHA1
d53b62571cbca0199056ef7fa8302ec7b0e49ac0

SHA256
3234e69e6d34c4da937609023fe0c5de27c77f365b78739487d2c9533e23a8d1

SHA512
15902f8e262dfddc4f1050bf0983a15268a0a64041b46892f0ba8823cce4e89fb5b67059eb849bc8e700d1a5e4b522715182bd1bd7be9308970f0f512debc6c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
85a23ad2868b593cf73bf91c2f9f8c82

SHA1
0b151cf374eced5784ff97ab72af6c6cd8a919e4

SHA256
63e06d549e6461f98d5cb425288e2aa4e36fd7da72f6dcda5635dc893899d9e1

SHA512
f8f5acf81f7452510f81e6b50d7d0c83b952151f57122cde7e599199a7a0d0025b202d23388be121ae9867c3a705bc86a566625015bd271b6e3ee711bfd84040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f30b.TMP

Filesize
706B

MD5
aad0343fb814402f10202c1507f42cff

SHA1
50a986c1b0e5808df5bc8cc3a5f5458805ad19af

SHA256
db91b240ea8e5739d3cbad1b7d6b8f30075d318a4b62a7c8a2441d9b717a2b30

SHA512
ed48b4312e21fc42bcb06c3ca0795f778ff1acc949b630e6ee282316ea88252f1c40ee53d3102246525b06caaae7b5828c1a53e16696d7ae71f9e435084d433a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f64ba4c9c1621a0be0260341e30a00f

SHA1
3d0b48cdb2b4bc51f3ae69ba0649f7f8f441aa58

SHA256
81711e64f46683dcdf8876da1652cebca49086ad12bea4a1824af2f193efdf2e

SHA512
ed112c97a03e4d042ae0bb4bc79540d604caf613011c29d21d8ef689283ce7629c8c677941f32a63f4fe66fea4d3e20fb435eafc7bf2765f1c01c4c7ccddd34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2b2c57a8160e8773f75f64745da7bd35

SHA1
e939d93aaa49338db20c6657c12be090fe16c0b5

SHA256
e3a5fe5cdccb9f23877aa514da51415e6909f1838b0a27470c00abaf6dd4a58b

SHA512
751b533670cb746c03ccb28c3d0c45e288d7ff6a5110c5112b8a4d5551b4887f1315f27656715abb578553dda32ac265943af5665f8bb749934df0fb5f50958b

Download Submit