hxxps://sg-links[.]dreamstime[.]com/ls/click?upn=xnLJiPxvUKijWoTXle-2BH7gqIuZQRtOHwn1cEd0ja43hMIgcTbSAtdQbKWISEQImGlbF-2BmM1co59xIOKULbl9w9j-2BFYTMp-2Bgmw71qTgQD7npctnPxwdXZtDY880EdDbjDkbc5ZAw8TNmTBbmshCxj0YuFJ7GsQCVA7peai9zZ80qpx6IeKMDuA0Vst9p2AsbhAYDUTCPatJmp5AjG4rxim5ftkUli7yH9DWpM2RTYPJ2B4IsGfRVHyJcZ8BuwCHCuTc-2BDx1ycXu44ulElPtNSiYdlEXXk0GCHg-2B9neeNAI7y4i4gFCrONeFm7-2FVJ0pkanSTdySAW4bSwKn6xuQo-2B33stm9Weg5hCqQ6zH12hualkZhovVZf-2FDwA-2FRCFhP-2F-2B2u4emCFAwOdb8IzwIQ-2BvUCH-2BUhn3-2FPow4-2B-2FaxeBRRqrXodjt1CbqMlxar0xUAOqCm5CZnF_U2ZHGMKwkmljmJ2Au83nAoUvTWBugDniMx0PfQYRZFfMERXn-2FLsJ5zUpC1W8h12kg9GI5EMRQLU9SQMdeHX3qIYui4HRQOyvaETLXaZXvJYH4P5JRZnHwiVjid-2FRuCMDGeLxIt3EWPHvrS8Jz29Kdhdt7yAuEnUqdPfwoeWNN-2BlGB7fvtMAtxTwqPvhPy3TWwzKt0LiSSP-2B7uCTAXEr4cGICtTgs3z4rQFXHXd5OU5M-3D

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sg-links.dreamstime.com/ls/click?upn=xnLJiPxvUKijWoTXle-2BH7gqIuZQRtOHwn1cEd0ja43hMIgcTbSAtdQbKWISEQImGlbF-2BmM1co59xIOKULbl9w9j-2BFYTMp-2Bgmw71qTgQD7npctnPxwdXZtDY880EdDbjDkbc5ZAw8TNmTBbmshCxj0YuFJ7GsQCVA7peai9zZ80qpx6IeKMDuA0Vst9p2AsbhAYDUTCPatJmp5AjG4rxim5ftkUli7yH9DWpM2RTYPJ2B4IsGfRVHyJcZ8BuwCHCuTc-2BDx1ycXu44ulElPtNSiYdlEXXk0GCHg-2B9neeNAI7y4i4gFCrONeFm7-2FVJ0pkanSTdySAW4bSwKn6xuQo-2B33stm9Weg5hCqQ6zH12hualkZhovVZf-2FDwA-2FRCFhP-2F-2B2u4emCFAwOdb8IzwIQ-2BvUCH-2BUhn3-2FPow4-2B-2FaxeBRRqrXodjt1CbqMlxar0xUAOqCm5CZnF_U2ZHGMKwkmljmJ2Au83nAoUvTWBugDniMx0PfQYRZFfMERXn-2FLsJ5zUpC1W8h12kg9GI5EMRQLU9SQMdeHX3qIYui4HRQOyvaETLXaZXvJYH4P5JRZnHwiVjid-2FRuCMDGeLxIt3EWPHvrS8Jz29Kdhdt7yAuEnUqdPfwoeWNN-2BlGB7fvtMAtxTwqPvhPy3TWwzKt0LiSSP-2B7uCTAXEr4cGICtTgs3z4rQFXHXd5OU5M-3D

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
2472	msedge.exe
2472	msedge.exe
4656	identity_helper.exe
4656	identity_helper.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 3424	2472	msedge.exe	82
PID 2472 wrote to memory of 3424	2472	msedge.exe	82
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4752	2472	msedge.exe	84
PID 2472 wrote to memory of 4284	2472	msedge.exe	83
PID 2472 wrote to memory of 4284	2472	msedge.exe	83
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85
PID 2472 wrote to memory of 4116	2472	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sg-links.dreamstime.com/ls/click?upn=xnLJiPxvUKijWoTXle-2BH7gqIuZQRtOHwn1cEd0ja43hMIgcTbSAtdQbKWISEQImGlbF-2BmM1co59xIOKULbl9w9j-2BFYTMp-2Bgmw71qTgQD7npctnPxwdXZtDY880EdDbjDkbc5ZAw8TNmTBbmshCxj0YuFJ7GsQCVA7peai9zZ80qpx6IeKMDuA0Vst9p2AsbhAYDUTCPatJmp5AjG4rxim5ftkUli7yH9DWpM2RTYPJ2B4IsGfRVHyJcZ8BuwCHCuTc-2BDx1ycXu44ulElPtNSiYdlEXXk0GCHg-2B9neeNAI7y4i4gFCrONeFm7-2FVJ0pkanSTdySAW4bSwKn6xuQo-2B33stm9Weg5hCqQ6zH12hualkZhovVZf-2FDwA-2FRCFhP-2F-2B2u4emCFAwOdb8IzwIQ-2BvUCH-2BUhn3-2FPow4-2B-2FaxeBRRqrXodjt1CbqMlxar0xUAOqCm5CZnF_U2ZHGMKwkmljmJ2Au83nAoUvTWBugDniMx0PfQYRZFfMERXn-2FLsJ5zUpC1W8h12kg9GI5EMRQLU9SQMdeHX3qIYui4HRQOyvaETLXaZXvJYH4P5JRZnHwiVjid-2FRuCMDGeLxIt3EWPHvrS8Jz29Kdhdt7yAuEnUqdPfwoeWNN-2BlGB7fvtMAtxTwqPvhPy3TWwzKt0LiSSP-2B7uCTAXEr4cGICtTgs3z4rQFXHXd5OU5M-3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbfd3146f8,0x7ffbfd314708,0x7ffbfd314718
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2822984767734365098,14999986493330231885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
f7ddc2e54723277742a8663013b43128

SHA1
85433293546806bb54f16128bc0bd2e26a0b3237

SHA256
3558e5d9604bfe2b7d2979103517184f8835b7bc6604942757c68b76b1daf9aa

SHA512
08fb1da831f04faff665464b1fd2c9b481ba5f439117a6322f974ce540706c64dbaf8f65841476c129b9d97e473f50843bff8818d31f3451e65214278b2d3cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
75ae21942f708c38bf48b0045f70958e

SHA1
549dc086ad20f1866809555a26343ebc658c7b5a

SHA256
88e495cdc9a281543bdb2746112096c49643ce2ceb077d9971f35c0dbcbbfdf1

SHA512
f82d9957d282953b8d2014c1975ef71a063b56158d0e4ba9ea6aa3a454960e09dc5802355f81f611bda78047b48d394d6146dcc9d69308efca66c461ddb71e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c26e76e8bf5ae2bb6f90eeb57c498973

SHA1
1f190ea7e9dfbf9e539a36b48b33f00b239dbba0

SHA256
999950c4d56911754d25995a100454277fae1a4e9c094bbdca54dd19f71c860e

SHA512
1977911ee7f32072b591a130ff3fcb4abec3dac98c5ce80299c8da38b8dfc1c9a882acb76ac6c2d3371ecb895ae35bcd6c63fe994dbd59974b624cb960753318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b54b91742da03b691d37730dfbd0c3c

SHA1
a4db25ca121a18b477f71b0302a14fcdbb9e7383

SHA256
e6a565d1f1c71723f5f0cc77e38e847bc085c6e34364be2fde56349225c4dba1

SHA512
f018828ea1f7bd668aeef77524ec41740597500129e62bf994beaad9e1b8de15f355bf8fa89a20ae7be61fb08b4d6a655dbc10d713cd5e2df24f314b7f7eb430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\efa22319e948a05f323995cef223259e116e339a\a1ffd017-6081-4e5f-9c66-0494fd6d2f77\index-dir\the-real-index

Filesize
336B

MD5
72bef882229fd674ca1dea5b2a81546b

SHA1
8ec1aa39fedf057d9372122a9d26676b41a5f535

SHA256
3da359279cc50ff17e2c24b9d2ac8c787f7013ffbdc8588731cbae11872ed1f4

SHA512
73c704b90bfea2901c37000534a07e5dc0220cd6b648a4f999ff709c4d3732e57ee1901f26f9cb2056aa99915500dddabb1a1b8f4864ffcc2c9eb34381f6d88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\efa22319e948a05f323995cef223259e116e339a\a1ffd017-6081-4e5f-9c66-0494fd6d2f77\index-dir\the-real-index~RFe581e60.TMP

Filesize
48B

MD5
3654e6e148276d757fc488cfb8f910be

SHA1
9cf44bda5a0ebe98118a1ec1a11613638828a5bd

SHA256
2fa09c51bb34017b85c033ff79e68367684bee20b6927e1f3aaf6c091a1894da

SHA512
2afae135b8f09a87f6e12580969c535e61851a634374a435046bf445bb322e40bcf860bc7ab6acbc3487487722c6db749542bcb1aff0b3ef3d31a076c5c5790b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\efa22319e948a05f323995cef223259e116e339a\index.txt

Filesize
96B

MD5
c473af0e285ff8b34b74ec4ff6edd86c

SHA1
e86755e1a6b87d78bb00ea37bc31134d99bba993

SHA256
564ba77096766b94f98e3f5cda882461d31ec6f901289197f7da9bd03c8890f9

SHA512
8faa26dbaf3ad46c5c7bbffea72d5df2121eddecca67bb0786d17cdf24fbb0e97fb366228653c94fa9b8c59216583bceca29405cc5c243da68f8709ec6100627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\efa22319e948a05f323995cef223259e116e339a\index.txt

Filesize
91B

MD5
2b4c4637b3204c0796d1adfe70fb78d5

SHA1
bd7fa90c32d2ae8d5899a3986cdbfba18ee1b39a

SHA256
2443d985557d78e864654a7d84a2a8f490d1415f5acb320e6ae600335eb5207c

SHA512
c0c15811b7d1cd39ea888f4d0ae0a3622c420c530d16ce758bdcd678c934ec170f963d99928c6b907f087957cc699a089e10a3eff26e6ac8ca0d6caf4ebaf868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
52e51aaf97870a58d9498a815ce5db8f

SHA1
b9d923c7176212b6973ddc8a8d0f954e99e0b787

SHA256
7fc768f2d8148c605564790f614ef82203e7587743f9d9bf2953fc64a1838b1f

SHA512
800b7d5fca0267c35b104323bdf3b348759ab210cfbdb4c3fb7d636da82904713295a3403cac46e44ff5a2cf514e5a0fb3fa4f15d882d02049ef26100be685c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5807db.TMP

Filesize
48B

MD5
8f6f6369a23254a872f1987224fe7847

SHA1
aed90bed1ec32ac8498fd99c6e7751c84b73ed59

SHA256
a8f905b65aa3d512fc6239cef4c676198c919437a3b6f7a836fe0754102dd327

SHA512
7f4547ca4ef2404a0f4b1df7152c551d38528eeeb86a4fd7a127d804e08d9830a07573df0c27067d92deabfd8943f6f13e4c5023b811227f555ce2cfeb8dbda6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
16c49870270503040c889ecabae58d39

SHA1
26940f1d8c382973f0528194246ca8570af109dd

SHA256
a144bc8b799f56eacad617e0bda2257db1b627d6c33a03f276f41c0f90ab9f3a

SHA512
ac989eb8b9f71e2a7a6760c8ad6d7aef0ec892cfa90252d13bdf88b82822df06090c1ae6721c8c87c98e26fbc7fcb22bf66cb3ce8d4560f0e3702e64f887f9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
52ab186c5a228c56665e0586d221b39e

SHA1
d5a07e4602844a0f9d0e025abf8a15b7e5c29dd4

SHA256
8b15548066e6b2d1dfa80abc7f9c9942155394dbb60b3305b4971c8e304eee6d

SHA512
55d8c084782171f786cdd36558eb35ef3ca57f42061281cdd0e37b5150a7eb0a7cfea2a613b29a007742b97cec7eaa69cc55444828c10c89f5e36651edb9d3a5

Download Submit