hxxp://ec2-44-233-33-191[.]us-west-2[.]compute[.]amazonaws[.]com/x/d?c=34120626&l=7121bf8e-dad0-4ea7-950e-0ced66ef9bb5&r=dafab07b-a4ba-473f-89e3-a46c017bdb25

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ec2-44-233-33-191.us-west-2.compute.amazonaws.com/x/d?c=34120626&l=7121bf8e-dad0-4ea7-950e-0ced66ef9bb5&r=dafab07b-a4ba-473f-89e3-a46c017bdb25

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
2696	msedge.exe
2696	msedge.exe
1568	identity_helper.exe
1568	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4440	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4440	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2520	2696	msedge.exe	73
PID 2696 wrote to memory of 2520	2696	msedge.exe	73
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 2100	2696	msedge.exe	82
PID 2696 wrote to memory of 1912	2696	msedge.exe	83
PID 2696 wrote to memory of 1912	2696	msedge.exe	83
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84
PID 2696 wrote to memory of 3176	2696	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ec2-44-233-33-191.us-west-2.compute.amazonaws.com/x/d?c=34120626&l=7121bf8e-dad0-4ea7-950e-0ced66ef9bb5&r=dafab07b-a4ba-473f-89e3-a46c017bdb25
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ef9146f8,0x7ff8ef914708,0x7ff8ef914718
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4012 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11036941477878729710,18146456080003917862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x440 0x438
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4ec02640-d1fa-4255-880b-231cb76ff20f.tmp

Filesize
5KB

MD5
cf4d96fb6705cff2f7245bd2fda4d8c5

SHA1
e19b0d30b5240738a4094dc3d57fecc3cd1f6d02

SHA256
5eed1bde90c0c4728f71eb151ad3d632ad15c070e377870d7a33a796d33bac88

SHA512
43e44602f50f6898f674175019ba10ba08a99877d2018f1462a3de54ccf55faedcd060989bf0f50032a5495d74cb304dec222d9649141003136556d303f526d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
b4c3d95361b57dbe59cb677e9d854b76

SHA1
f2b92dc1ce8f7d911d1f292b5ce80f5d76e97563

SHA256
8d3cae48a7b8306f63160f2b63466419ef45df0f881e06685bbfce072cc7bfa3

SHA512
1599d427fd706048511111bcbc4ab22a579e99c3b766c4e8693e883fe50ced49f98d4e54b9b385e55cd75dbf6357df28113a1f3c2783ce2cb49cd29e70d7adfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5132923b3bb1ad0fe8d17ab09d09f014

SHA1
5555b6c6049e2222f09ec365567bec1a3279d689

SHA256
4da501ee5ce1adb88869463380d6d8c3e7c2790446da99cdb50c25143f50384a

SHA512
e08d8be0e9e91866137a4457f17c74279d090e886b74eccb8064b1154640c22463b7d2204fc0cae42b1bd2ca8bbbe88f4de7fb5bb269c68355a1b2f65312150a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e462b5c173c63fac82025da615b8580

SHA1
d6baf7c44766ac266ced8ef890c7211071ae12e5

SHA256
58aad21ba522c85877b56c0b008d5d1de61d4a5a25ac8df8ad2dc1d40d3ae948

SHA512
2459227c909e5c5d93c704d70c79613799f5c4ba98e3a4a5cbc5028d2d5f5b07015c072e29bf00d586d91e86402acd4f13872d5377bdedcb9b318776edecc583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3083673ea8d2a3898e8f4ab2261df84b

SHA1
ccaa371dd8d02d7d8b32bd50a30aa6d2ae0a7e19

SHA256
841d9603f1ea62deb144883d5e361e3c54aa5557255ca1fcfa9edf9c12b54e14

SHA512
846891c92c91ed6fa29457ea6f55de10ed52d91f648a2f409fc154f4765acb16708a9940ff1f2827211b0e3d9cd69c2f715cd9e8ef592d0b1fa8e5035cb23bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0c48ea6ea395aee5ef0c2b5da5946cad

SHA1
d450cdcc51c25f2eab20ff3e9240d2da2fd8f185

SHA256
fd4d0b2be7982bb5ee97b6843e89c318ea61316d951ffbfa0ffcb564c3fb271e

SHA512
b02cf23ae02c967c9429e3b66076aeb6b81f7cf49ec4f0bfc00c7634174f87b58481675f9551544d033d99a2790189ce602bfeaf87210578ece56ffedee56201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6641e999-fb1b-4537-a652-9000c45e7d39\index-dir\the-real-index

Filesize
2KB

MD5
8f3d2bc6bc64fb3d4187ad1e36992c94

SHA1
067739da9a84ac9a6d0a20c4a21fda7dd256dc97

SHA256
be034fed8983b6fde531bb240bb984d0a6c71f568ef478a0c6209d2bc4bcaf0d

SHA512
e40a607755023ce4aa7fee7c93e3839a29fa6eefb878f8d965e07d2d547dd6927ce173e7d08d1a97c9d4b9aea971e91cfb86c669ad4ce222eeb3c5ef88ab0792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6641e999-fb1b-4537-a652-9000c45e7d39\index-dir\the-real-index~RFe57e687.TMP

Filesize
48B

MD5
b10b5cf9d6fdb37d395a83c416ca789c

SHA1
290b2ea412efbaad43a90deea15644e914f9f64e

SHA256
40dd870fd5e3f12a7d4898a647d4c15c676b1ca6bd6a533f802f7418de4ca78e

SHA512
c13fd82f8275e6a3a916f8b4a9c0e67ea1ed9064158c4e29f555ac4ae078eafb9c9c9f77c406b7637639fbc8785fddfe18fc1ee7b512d96578bd8b7cb77c6ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ebf25671-e3ba-47cd-b6df-9b466c6e5e57\index-dir\the-real-index

Filesize
624B

MD5
7ee3a4f765935ee4f30122f263454591

SHA1
80b1d80b15eff8496969d229f927c76edca0890a

SHA256
6abede83923a2f6963b658c3d1f466696d00f312e23131a9fe9ed177173e641d

SHA512
2828aa47b1012247d3e16c6f8bf941d6336cee4fa6f867c4eddbb32cbc698231642275c7dcd023f5f4883c61c2bdfe2698ca6b68fa55a028dc2eb15216eedc2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ebf25671-e3ba-47cd-b6df-9b466c6e5e57\index-dir\the-real-index~RFe57e687.TMP

Filesize
48B

MD5
dd016cd5f07802462162eb962b1709a4

SHA1
d5a6b6759215cf6fd84501cb42d6b941df2175bb

SHA256
0ceef5298d62e146cc67729494aafd9a3bcef1e5b9aa4139c11bddbb7cb16528

SHA512
27efe4e8f1c40b49a6d4d3e648444b9fb5a71d2ed6a81259c44b5c935206c1262f51012c4a2eee067c9154914f6941376ebf7052e744d159f2d22c97343f10dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
54f8e0883fc026b23d216ce8926d9503

SHA1
d2058dad1f8cebea9601dceedc08e98c148efe52

SHA256
e3a7d82777fdf876830127d00bb96a9ecefb0c45093d3bbaa7f791b73cca4999

SHA512
1228c682306d90bb8775ba2c922f17bf6c20ee505bb846a926acafe00682264a45927f1b82f4de05bd8eff156934942ce3c65031b1313669276e0822607cd345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
01caa0a643bc31d5735f3384a01863bb

SHA1
fc927dd12f5e00288e30ed1f7eea0c55b92e5b27

SHA256
1debabc0617139025ff17f64f55a45e87d658dfb2b15c254fd155a8ef94ffa1d

SHA512
a83c7cad744c545910faa2f191ec54c7e8a39fefca38549c264277bc41b558aee307515220be9cdcd473d55f7c5d3cd17f16abab73f9414e3201e9bba8b50b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
2aca216359d0ad39f6308de864031efd

SHA1
d39887fb7bd5c1531ebbbf6a32dbfb4045b08be3

SHA256
bcd5b3d9f26b9cd8249f5af30f3f37c050779200661ef5d0605479668ba65404

SHA512
68935b99e9330f953fe96b24b4a6f4f39d485bd82fbf0e5ede3536889543c2cb84f3b0964a78e160548731d4007acde5b10d4a0d01a37b2250f3c6bcb682c34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
d947c6624b615b938a367ce462f6d7ce

SHA1
8b7ccfe8350d71ac8480662f8f43093f0e5990be

SHA256
749dd96c19c8cf32c952769bcc2224071b07c768822e566ce5c45f183f8fe3a0

SHA512
8ad04f84218d410472460c35da53ae9cd34219e9d429d82f64332bfcd56db0eac8d31003a59b7c6656fa36a078ddade67ccb069774e2af977f8063c0e7c5a06a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe577fee.TMP

Filesize
89B

MD5
976b1a9534413b6f5afd246bef9150aa

SHA1
8bffeae805197c193b939460600f333b9d3a77ea

SHA256
938c2a253879c8073a29166e8adec11e80ce54918571f18c4b4004eb8b0eb2bc

SHA512
8306352b82dc3ecc34d4f6466c4f6d6277553354573d942afe6da34c8ac743c5f28b02d622e9702a27ba065e2fb0bd1159c9ed483c1c970030a8586c6dcafdbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
90d20e2a1afeb86a98e854bae3edbdb3

SHA1
cfe8668df431a5fc307f2f8fa634e6eab12abee9

SHA256
ef7c467a3a978da2682c5bdea659ee1ec5adb0f6b58a5d4919cc7a92893e06f0

SHA512
8d8f806ac0cc8de6cd4546a2d31cb0f340e1869f226ce1279ab8b43bb5a159fd42246bd29189997d6fe609399fb024d97734d9bcf3605eae163e6ca0ba87f1d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cf94.TMP

Filesize
48B

MD5
af2eff0c79cd14139e62bd4d12767b99

SHA1
634bac39f12deedfb4cee678bc3db60b0b06ea25

SHA256
c64bf62cfde6ceef3a0fe2fb1227a1fd65d0551426bf2be22ffa8a0ff8dbed5e

SHA512
c1c9ec2b38c4d953adee0e2069f9a7afb6ef1c7b010dd1550a90988e04873018bd577d23f8f8ddc251f0befcbbd2dfb6f13fd94b42aa8f067b7b31f120a132a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c573.TMP

Filesize
874B

MD5
f999ed962c2e20e4369e2215d3639ffa

SHA1
1143df710bdf90f4624afcb25f32f286f626d4e0

SHA256
5dbf23360cf19673e8d20ecb94d7ae18f05cd8c8a1841f31ff055e684afa3367

SHA512
7f0cb9f32fa65be4e9996d997528fcb28c748583c36d27ea4500be1057556a07521567b0179347b0febb9ec590049059e7a132651a272cc27db711db23d1c476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d7984dec-9e31-478c-8257-aa552eddfd84.tmp

Filesize
874B

MD5
4fb45479acbba473e5a115465f1b603d

SHA1
8b73f273f5d7acb87b665b916f30d217d4036a69

SHA256
d7ebbb2243dce9bd622dc561ea5baec488276ad07e1e2cb11272b667cd4b422e

SHA512
3d46b37a7298528b9204af7f43bbd11e22512785f1f4cd18287c567a4974f6e03461e13bb81a70ce3f0f8bfe83f04c69fc92cb5f35728d9cb54dd20d68bd302c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b54184523ed53ea06a755c5fb53a578d

SHA1
696a52825270128ac7a2c9e540830f67f65b2727

SHA256
5e2828fdcdbd97c73f365132579aa51ac1dfc117354cd6f65c0f77899401a3aa

SHA512
7db4d12d9e6b5c84f443e03afbede92082e3771345b7f38c74a7a49cbce61bd2261a60724708df89a18d8a4b48563b6388b55441149b3d6b9f88f3a4297e7856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
78f84c094a12565908bebe03ad93a285

SHA1
75a0b765d65ef99e506129487e93e3457384e86d

SHA256
7fefa1d44d2702fb256c420f70ee5ec2cb3ec378453751f8a63615bc658045af

SHA512
064afa672dc5882d635a385b55e7d92d79d0cf6d85a640fad216d36a239e5d762049e7d798a2a04e83d84150b91ad32e892ebc190408763c868c56be01950eed

Download Submit