hxxps://4gy17rwttqj02lx19azo[.]u1fehzu[.]ru/5phl/#f[.]off@fake[.]com

Resubmissions

28-09-2023 13:25

230928-qn1mdsbe61 8

26-09-2023 11:19

230926-netflsgg9s 8

19-09-2023 11:47

230919-nx9kjsag67 8

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2023 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://4gy17rwttqj02lx19azo.u1fehzu.ru/5phl/#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
5008	msedge.exe
5008	msedge.exe
1524	identity_helper.exe
1524	identity_helper.exe
8232	msedge.exe
8232	msedge.exe
8232	msedge.exe
8232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 4148	5008	msedge.exe	33
PID 5008 wrote to memory of 4148	5008	msedge.exe	33
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 4608	5008	msedge.exe	86
PID 5008 wrote to memory of 2012	5008	msedge.exe	85
PID 5008 wrote to memory of 2012	5008	msedge.exe	85
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87
PID 5008 wrote to memory of 3056	5008	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://4gy17rwttqj02lx19azo.u1fehzu.ru/5phl/#[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffa17b846f8,0x7ffa17b84708,0x7ffa17b84718
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5290053229172781252,6768072490934782325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\64cca2fa-80fa-47cd-9876-8ae90ae2c254.tmp

Filesize
6KB

MD5
705d64ce8e98abc3c3615670692e17b8

SHA1
a338f99a78d4f55c8754b71303dabde09e55b91d

SHA256
eda9f07e3a9bb519755d5a90ddcb1ddcdcfe5f52834847114c3766badc7036b1

SHA512
171864c4ba35d5adca0cb41cef2b906e6e081972ec36c3cdaf45c5455aff10f4e3585daec150634b862c96724251ecb563cebe1a2ac5f5110a93bc46ba61ac3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
703a3c2da860aa3b4f9dfc4e624bc10f

SHA1
1bfb9401f9a5d15a28a6b71c764c0ac35e888760

SHA256
629f93f6add0c611586db4b6e4a8d0d796e00a541cc5952f6b9f5836bcf64335

SHA512
3f240d0ebaa18435b3cd3f3e72a52cf67585bc3974e42361ade2443f04302f545224b3a746e7f4834dae221aaaf803856687bcfcddc8575f15592286a06f413c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
349B

MD5
0e92adda797a90ce2a432c7673a5d5b5

SHA1
d518569f41989e8107362da03e487b272a7ef4fe

SHA256
b7d39f4dcc8215ca8d38fa50a6ff3dccf4aefa5b05c5177f9b5480f508bbf03d

SHA512
981734c5d7a8ac863a328674c69f6e5b44fd09f2ca871edf1be661ffe00d247ed88a8e79124399e2c270f30d87ae1737ffcad335bd6249353e03b118f6b54210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c70cea2a2d411f05d6035ce76335f25d

SHA1
f1ccbbe6a01327756896b2253175164ed910c94f

SHA256
ea03871cd2aef05951363199915a34ec171e3989264a413815a757e8a976b13b

SHA512
ce175033bfdbe599d0169134a8c81b91fad8ea4f1edaa742656acb05ebafc61386615327e9ba625a159f1aa2aaafb2927734cbabf66a23ff2b4ee3e072e0c4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0625237680e9e2aff9266fca9483d96a

SHA1
5e9dda268f7989cd099a070f70b1e0b94a2898ad

SHA256
3cfa0119b520e41ba1a7a7b04fbcfc7b5e2f616f99173fc392cdd22f9bb954a8

SHA512
58d7f29040aa1ea36c683a4e542d743b5ad12e55dfb4d14488b3d8b1cd13d0f0d58b1500aa63c461c93f24eb2ec3f5d05451ead7bf78356df8657a484739a874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
15ad31a14e9a92d2937174141e80c28d

SHA1
b09e8d44c07123754008ba2f9ff4b8d4e332d4e5

SHA256
bf983e704839ef295b4c957f1adeee146aaf58f2dbf5b1e2d4b709cec65eccde

SHA512
ec744a79ccbfca52357d4f0212e7afd26bc93efd566dd5d861bf0671069ba5cb7e84069e0ea091c73dee57e9de9bb412fb68852281ae9bd84c11a871f5362296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\3f532b51-ff43-4a85-9078-6e4364cfc458\index-dir\the-real-index

Filesize
21KB

MD5
a40a5994c96004774efb6844559fa810

SHA1
361206f853a0c4b05eabef820878ec4e0cd2add4

SHA256
e6b37d7616375f09a62ca16eaa2526cac1e12098ccb130ccbaff73ce1cdcc176

SHA512
a144f7ed19ca605fc51cf4a7f3fb3d434b1a40bdfd5bd4d01c6a884e13ebe6e98f8309ae43e1567aa410c697b3e6ab175d4aa4fe17d9c4bdf7e9fe6472be8d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\3f532b51-ff43-4a85-9078-6e4364cfc458\index-dir\the-real-index~RFe5870c6.TMP

Filesize
48B

MD5
c5a857156a8a2a5379edb43b98e1c883

SHA1
177abb3527920a4bbf00cb0079019b5240355a60

SHA256
fe083ab2d468d0c6c00db7b4a7bed451bd627840c54676cb429feb53c8d9a2d9

SHA512
fc4318a0496069d5af38e8fda68a18ce5c5b9ccfd65fe34a688abb85e46396137834e8a5a1c77d52ff9ae7baf422a907ba0470a85f3cb4674b9a24b88e2ec05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
235B

MD5
3d526a365c68e07075a235630abe6647

SHA1
e7340e919047da5f9a809a35cb6f0fdb02deba51

SHA256
2fe56bcebabc09f2cceace0eec198b2cae890990b26c057d96335c9a30922ab7

SHA512
10a13a458eaf326c9a5a4f8366651acff12261c082de67cf0bc54f8b8a84dd62af431f8001e8740ea2a4939a670c51d17bd04a6080ebc19fc59e09f52ccfc94c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
231B

MD5
5f7cd527e981d7dc3393c643178b3954

SHA1
52cae978fa645572fa625019479fc1796749abfb

SHA256
649733ac281912077e275330cc42dc0116785b2a8a75d569f0163ab5c8103c47

SHA512
2669b5b1212b743b1fd84da870e4993c154f5aa50a564dead24a364418a805bad2e53e8eff0c5f5e528fbe5348e76f0772e2c00140b7a3c6bb0909d8c7c3cd07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
79fcd0bae05d3697bc991da234d47b8c

SHA1
d69e51bbdb119d5b563caa30abd99079ac021a15

SHA256
984829c3c5e000ce01b68f927ecd80571482ae7df239c2e82091ecba5a180e29

SHA512
907e50c641c37292fc5e526f276d376c0f81e36bb31b0b3fa4974500660ed50314b563b813b4fb216f2b8c5b67e1ba024c2c1d1c6540eb9223908a91d815eeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e280.TMP

Filesize
48B

MD5
ea79d0aea439fa0012cba8df4c2ff7a4

SHA1
5506bea4eac888109fac4c538d7bac996d178721

SHA256
509a1d0db12c8593a193b331ded3d63b0b0177a25b263dc4769dec64c86c2a8e

SHA512
295ed48f93ed9679b0b46e2e1daacc856ed3d52ef5a2f14b4c5093e299b6cb2509481e019866d073d3dd0d71321a920804e5e534c52588184e8d068d10318198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b53a854137ad73bd67d95d6da231ae0

SHA1
c6073f7c09ff608d0c87865e97d0f67e68c5d115

SHA256
31a5741e8b8c0bbff8472c1e3f0c30148a6d7e4e0ad0c4486baa77b441cef1f6

SHA512
67592f4ae51879d162d84fe76fca2fe95381702a76eadbb18edf69db45a47349ee4f2d42eb6de13514492cdf1005a503ec9df30d92fbbb29aad100094d327897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d90a.TMP

Filesize
1KB

MD5
6416dc9b050dff68e400522042a8cd2a

SHA1
017629657ced160df48c266f067b3c308bff5b3b

SHA256
62a69f434c8ced08d85d490a995ca9bd617da7e8f889254a675a68fe1cb37b7f

SHA512
9131f6eec18b56e2d93b7723d00d37697a0cb0c863f8ada25e67c6d9686cdc26202d8dd81f2f6d38bf4911a41107d1af7a25fe3765de3f4691156b6be5d4c9fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b72f1755890872ad6fd28ba765aff2d

SHA1
46a7d3abb0c5ce8892f5a7c6e6ff8045009dd794

SHA256
8acfa23594292ebf49863a8882d8dd7671b3792fe9b524c63182196580d96c8a

SHA512
78e09f8d810639895456e019b3cceb7230b9aaa67e852c3c7e0c13fcd1e1283c57ea47fbaf609609ef590aa93125b2574fed9ee26aa80aed763d46187a89d095

Download Submit