hxxps://rebrand[.]ly/brand-fwjn6n

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2023, 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rebrand.ly/brand-fwjn6n

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
2212	msedge.exe
2212	msedge.exe
2828	identity_helper.exe
2828	identity_helper.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1184	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1184	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 3416	2212	msedge.exe	82
PID 2212 wrote to memory of 3416	2212	msedge.exe	82
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3804	2212	msedge.exe	83
PID 2212 wrote to memory of 3508	2212	msedge.exe	84
PID 2212 wrote to memory of 3508	2212	msedge.exe	84
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86
PID 2212 wrote to memory of 3660	2212	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rebrand.ly/brand-fwjn6n
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd762946f8,0x7ffd76294708,0x7ffd76294718
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3460219432721271675,11810357141069812040,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x398 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1184

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
0cbb9a372ffefad2ab42f6cd6d6c0403

SHA1
04f37176ec9219995fc6eff2f3432ba759cbb910

SHA256
d8c49c0cedf73090c8958ac1abe3e0965a252c60c80f2e123f4d6dab5f93d77b

SHA512
69593d01855b50e9b34c049ce0a22c5f4281e1b8cfde53fc57bf3a991ecb4d16d59c4b84eb0b20ba318533eaaaf67488c6bc071976ea13489faaca878e060513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b6c84623f3dc2141a66c881d2f8a08fc

SHA1
10de2dbb859f1ff32c02e76e42741229940299d6

SHA256
bdda81747b7f8319651035eedde7656589d3df0a63320e1de86e4524a299cb46

SHA512
02e800ed4b638ba59c57ea40e43d3e20b918a852b2853717c64f1cfb5279cfdf7f88ab28007a4ab6f349450dacfd8ada4689167b5a8dbfd4e81352b66014b4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
130fc9d1a301ea0952a7638a2a6db0e4

SHA1
78685975224268e68236e393e1e542005a814e0c

SHA256
8dc91e0d5bf5f5d15d5daa9f4aaf0a97151d8f3154ee59c179593081ed099e3b

SHA512
aa4042efc76290bed7c8f9338f09d067de95e172f731af82a89822383f18eb3aa174c98c9613864386d21100793e525aad0a9eef8a6456baf01593cb84064ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c9d4afe63dba6b598706543f00b05fc

SHA1
0f26836d339e504ac14b003f5d42592aaadcfdd5

SHA256
3847f76a461fdea0ebba9dc82b9ae20b0567da318954f2aa671c247bf61499b7

SHA512
e9fd7adbb0df8f7de74bfb25ee0cbc8ce871700f652abe2b3aac1bba7be03d6f9b438f2b6eba8280e17674deeea4d0d2ccaa1a0623b318cb317d45a769551dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8b94fcc16d1adb598dea07ec28446e8

SHA1
627a795282188be3848d8b80a6b38c810f0031d6

SHA256
de5aea99c4cbfe818dde0d8d0d46c878a2533ea9aea02ce16534985c4db8ffa9

SHA512
f727c59a263c012038e24d0ac1f95e2195100b7bab5b449d374190e5fbabf2bb43ff870dbcf31ce3d762620681879306d7cad83152882b294d2f10c968651183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e62cc4051e1f8eaa0abda5d730a2496b

SHA1
d15346e40b196bc313cbfe5ac96b3c90b83345be

SHA256
ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

SHA512
3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1e4aaaad-049d-493d-b619-cb79d4f1762e\index-dir\the-real-index

Filesize
624B

MD5
9d5647e3c96bf7a2992b73ac663c5409

SHA1
01458f0a4d772bda5bec9c1483f80628fc1dd987

SHA256
77cf7a3581805a3551c26cde9efb988ffe6208db8b6cb50fc1acc78ac1d4f9d6

SHA512
e8a6c2674ed7d0a53f3ce52488daa619a87e7699fbfbeeb8a48cf2d7353a1889db15ef99b2248a1afda901c3d7e9e513f25bce86a879ff75eacdc2f173c660dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1e4aaaad-049d-493d-b619-cb79d4f1762e\index-dir\the-real-index~RFe5828ff.TMP

Filesize
48B

MD5
36adf4f04add668b4ff18c0ce36bb3b2

SHA1
7bf57efa41b07984063006afa11abe41f2f20756

SHA256
bc36485680b8e420a2b64cd8dfa0cecb0362df9eff9b3b3ff1964b00f2714657

SHA512
c1caf63d94eda4686dee35367ff1c2d44e4cfff515919c5f4fec22886deed0db449e9a0c28905f6db1e5f7bd6e39e3f66e48ef249c9e4848e282510bb844e349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\27627313-7130-42f1-b3b9-961a73561ca9\index-dir\the-real-index

Filesize
2KB

MD5
93b8136898e8d5cf16ad5b8d5c858b9d

SHA1
2ff882a66fd8cf108f670f4218a35a4316bdd565

SHA256
5dd6ce0c8ff4d591dd664b2a57637be647b1bc532e921b12979e2da98c4b7711

SHA512
1daaf2258f33429789e1254b4ad1c707bb96238f56bab791303a7593830c295acc3a845ab9f2cf2f0664b92d8e64b0aa0ce1ba598909fa08cf65dc03f805cd3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\27627313-7130-42f1-b3b9-961a73561ca9\index-dir\the-real-index~RFe582536.TMP

Filesize
48B

MD5
11b12a2d69f5b78bb032273881136b90

SHA1
f60ccc920abc0af945d6855276f811fbc00cfeeb

SHA256
fdf8b587dbc0fb6b36709116d1031ed98fba95cf22e295124ebd5d50606b6a36

SHA512
b095072075214e610bf2fef64e2226b8a3740ca2aeb028af72fbf1de1d04d550d1ed93f7c0c8abd315d4fdae96c1461aaf2100ef294792ebcf095a90baee5b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
b5262cf715beb256495e0a79ad68d7ab

SHA1
958759ef19a77df47ed6fd3447c4b1d8cfa27b4c

SHA256
f6e7f7d891378a5637af74895e0bc37920a329836be12cbb756d1510bb9027ca

SHA512
13ba47c49725e2a60699bcf3488020065e7dc0db73f5c0af2bc87619ca79a88c5044f52474d9bda55d6c6ded2bf9a58c9f0fabb439f9c328317a5078e3782ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
42d4757082189aca46bbcf62e01ff91b

SHA1
dcb4f613e0c3a71a99c13443bc8ad564c8af376c

SHA256
9efc6e7948c35791f927cd62e961ee3929bff36bb9108bc4755e9bba7d4e0044

SHA512
a81dd3c7a7fe3e2533750f5ef0d7b36104b603c850d051adb8012da0434f2f398462fe4a32e5f08e469a2fd8f62cc2014008d14e8bb93853d2e1bf876b80d8bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
deb6f9f44e76adb307337389a6ee17c1

SHA1
f18c6e102d193b82acaf7029558f6b08b4fe8e59

SHA256
4a964ed1beb09c4d71b55b6fd83f4fa72454317d3a62465dcb8e598606015e25

SHA512
70232f1442a99494721d615fe55787e59e06b40fc63b34e5831186a1c984bfd813c1dbd7892985ae5e14ef09c34de39daef4a20fb6081326cb3a7b9076e1efc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
31c512a1d7c20a035c6b49e97864c1f8

SHA1
0e3e6869811aa664022ee605ca5b990b0939fa45

SHA256
3ff825bbfc6addd2e5af8097193948b1a40e279be75d597dc1b7a985bf69c43c

SHA512
6f27ec1570eba557c3653d437aa538ea46b0b4b293fb4c0be4965a98c48988fdc4b5aff584cfc081574dcf3eb5160ac14752f9d59c155613f8553b438628cb65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
ea6d8db1eedc236638ea0ecde0c9bf31

SHA1
9e67d004d42ac1602a1f3b2905806448c5774562

SHA256
19f50df9c5fac2c2659092bc077ff20d07c446941968f4b87f28f8e1c6690ef1

SHA512
d6d671472d50482f2479adf4b01fe7bb64e65780c57075672a2c95983e439d17d4902ad1f1c30f0f4ff8ad57832ac50c33258d2aa1bc38efe828a289c1bd6c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
773b108356a3937aa110320cd7868123

SHA1
f2bf20103aab6c403b6ee12aec38f5530011dfa5

SHA256
c674d60dc693d50cebe7890e96a47d434154c1da03b635a3efc6d0349a8bbe56

SHA512
9107628b492a4992d733c58cc2d25f9d3775f0c6a2431ec9e64a6e3ced4a3efc34f4ddd5ebe7a7687ef3730f784beeb3b9ee4411f4ecabbf572077605d30eef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58173c.TMP

Filesize
72B

MD5
14466138b46422833dfdc38ab1c48576

SHA1
65d3c095bd0ca3482216f798b7875739a935c95d

SHA256
43e0fcf7144b489e0367e26c40f0e8fd97bed3f36c206cb906669e658b251db9

SHA512
8ad1dd5764d619b513b11eb908b2d640e243e0beba98528b3b30b5cd2c594fe6ff04736e31010e363000c667ce87f5cb5bc0fd3bf70f03c8c033957e0d1589cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8a4e410799ec6a5cc141af457f19b0dc

SHA1
dc95ea2966a99273a3a07fba78206a486187be51

SHA256
4b7224fe30de0c818f07bd2c8973baadb26ee829c3256689df53d5992ac23525

SHA512
6b1e4d33799a14d298c97ea9cba23fd6baaf6b33bb7f18e18f664989eeca8ea2ecc52a9ee126eeaf92d92f45cca68bb5c0cb94b91a4192c80101407a5e5ce7d0

Download Submit