hxxps://v08dunthv8a5bqk3a5h9[.]bd4yvij[.]ru/d4zv/#bWVsYW5pZS5sZWJsYW5jQHZvbHZvLmNvbQ==

Resubmissions

20/09/2023, 22:38

230920-2kkybaba8s 8

20/09/2023, 22:31

230920-2fvxqaba4t 8

20/09/2023, 20:58

230920-zsg6aacf66 8

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
20/09/2023, 22:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://v08dunthv8a5bqk3a5h9.bd4yvij.ru/d4zv/#bWVsYW5pZS5sZWJsYW5jQHZvbHZvLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
4604	msedge.exe
4604	msedge.exe
4000	identity_helper.exe
4000	identity_helper.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 3172	4604	msedge.exe	86
PID 4604 wrote to memory of 3172	4604	msedge.exe	86
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 4676	4604	msedge.exe	88
PID 4604 wrote to memory of 2492	4604	msedge.exe	87
PID 4604 wrote to memory of 2492	4604	msedge.exe	87
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89
PID 4604 wrote to memory of 4156	4604	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://v08dunthv8a5bqk3a5h9.bd4yvij.ru/d4zv/#bWVsYW5pZS5sZWJsYW5jQHZvbHZvLmNvbQ==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff8db8d46f8,0x7ff8db8d4708,0x7ff8db8d4718
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7504781119459641019,15894390661097092707,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bf009481892dd0d1c49db97428428ede

SHA1
aee4e7e213f6332c1629a701b42335eb1a035c66

SHA256
18236c88bc4fe576f82223cca595133aa3b4e5fd24ebac9fd515b70e6f403ab4

SHA512
d05515ff319b0b82030bc9d4a27f0432b613488f945d1dae8b8dfe73c64e651eb39f4141a5d2e157e2afb43dd1dd95b6611c1003ac4e2e80511e6c5cd7cfdf11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4e185f97-33cf-4d7a-84e1-5b1c4b8adc1d.tmp

Filesize
5KB

MD5
17643468c7486f8737d68fb48df71aae

SHA1
29e3ed1133fe31e3c5de9777a6064ce42ffcf2ec

SHA256
6b63d211bc1fa60f1aea6af001f6abcaf8814373fadc3e375f6d4645ab038877

SHA512
bd007367ac48a8da40dae4365f6f5f048e0e84856998fb8607e775814c8df906bb0c4c22955648d3a2b2609b60481983b54fb27adbb98cb2521276b8928cd3e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
a66889ca5f288753baff427ccf2fee3b

SHA1
edaf0467f2f01e6b530c86046780b86fff3a4f34

SHA256
b711b34faa42f616d4059aff8ef82891ff892e98001d8c2214e6e9fb9b387017

SHA512
ec52d9144219c40f4e0c33acedb6d59e4c04a9dc161eada51addafbf1e73e86b3595b156302b555b789fa233f9eaaeeaf280d20c267f9b8995b0c0580c276233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
351B

MD5
c1bdad364a35ae068411e6f0de0d0b82

SHA1
f3206ea950657d79999937a5bcf0a2f09e560654

SHA256
3463fe0e9b7d4a49e6147451a1e546c00987b19ae15ae022dc8af6ddc9dffa73

SHA512
bab9b688f9bc89ce774e823d0791214a422c4d36558e4b11904c9e85cdcc5b2980e5f55b394a568add22d600a3c58f5301e9bfbb77624a3c96131d7ff91f0d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7c4d56c3901a5085101d8319ac9b895a

SHA1
9e30826cf3203d6493fab543c2cf42dca06b5464

SHA256
69fc40e2b3a1ec17b1322590db379743d99cfdab3dead7cd919c20ff37b5ed71

SHA512
ef8949f48db87121f9e67f5b1a1e56ca8ec5541bc71bcb2809b1bd45810225998c6180725aa34c829653456d912214d88b807ce285d164554a48db17916bcafc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e35a221db841dde476c58bcd0048c2b

SHA1
1994437f1dd656acd0a72741efe59b9ea4cbe60c

SHA256
dbc7f7ff1f03e61f49fba293f54d9c2de329083d66a6ecd032e343dcfadcf4ae

SHA512
f0e800fb4c719e3e7ce01539fdd367f407fd17ecf33e1f4499eb5d7543b511bb8ef3e85cc1fe3e73d4a1164c4c9c00e98fc8999276337cb5c3602c0120bcddaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
25ac77f8c7c7b76b93c8346e41b89a95

SHA1
5a8f769162bab0a75b1014fb8b94f9bb1fb7970a

SHA256
8ad26364375358eac8238a730ef826749677c62d709003d84e758f0e7478cc4b

SHA512
df64a3593882972f3b10c997b118087c97a7fa684cd722624d7f5fb41d645c605d59a89eccf7518570ff9e73b4310432c4bb5864ee58e78c0743c0c1606853a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\125b9211-e4c0-4ede-9880-b53c50fc1292\index-dir\the-real-index

Filesize
21KB

MD5
4634ebe12e0175af1addb3dc1bcb08b6

SHA1
250c1773b9444adc626b294d9e5cfa97df9d18b6

SHA256
ac3ffb8f10ac79ff59d77d0a9d02c7802d5b95cd476549dd3d42be449003d50b

SHA512
069c784189480332477fdca0e5e6bc488f1f0bc11c2c2f0031297899c517b6cce80ef60218238f1e5fa25fb101275e9806a253bf5295a7e3ea5bd9880a810d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\125b9211-e4c0-4ede-9880-b53c50fc1292\index-dir\the-real-index~RFe588b14.TMP

Filesize
48B

MD5
51e4de8a68901be830b25565ed2ba643

SHA1
91cd56e912f41604641f7a49733c0cde41fc68f3

SHA256
ffe7317cf48cf146301f8ac9dbce238776d2091f6ae4dc41431cafc0d7e06f90

SHA512
994fac3b12527a6cadb253092847bedf74275263895d0c6d07fc6dcba30b626fb175ecc61150f013dbcd9318ea4169bc53fb89768a1bc2127dbc8b78e6d64cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
235B

MD5
0883c8c93a7f67a7dbe1bad96f8dee65

SHA1
a801c7d42d40891b1fcb61c13556482fc70218e7

SHA256
87d9d40e6c2cc8f5f5c5577d82805ac39e602f597dcb3232dece224f46949be6

SHA512
aab5e4fd7ba38582e5739ce2f355fba0b27e84784b83fe43e11b3d12230ebff4aca218b81b6aac8e36c12122936c3f5bd4eaddae4d0fa4f7d7b4053b6596e768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
231B

MD5
c9d28b462026558fd16418f615b38c10

SHA1
475c7a0939603aa0fe48f39bd81906e68e07f52f

SHA256
1e7c0de7518837792888a5f0830f1ccef13d52d41e7cc9db3a62f30071af3ea9

SHA512
f8f04a122db0babf99a919ed3a32c2b6cd447a422fe478b6a32a340d5379b2fd4188426a019b551f7394fc743036a62133cf46202d55ee131a83b8a6440b6047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
2be51da14604349ed58f4666c6be8e6e

SHA1
914e36507f127b7ae4cabad756c1ce5b82d6f2d0

SHA256
852201bdadc14419dd3a4f349c03832c24ede613e9d2b7fb4e3ce38a60cfa515

SHA512
02b39d8fa38bef68cb3a03068ceb69675fdae8e9e7b077d0bf5dcbb1a4515279f1ca2b2be1f8410bb96321ae0053938589c29a97577f717d41d9959a8ae3c982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e290.TMP

Filesize
48B

MD5
951f7bc7d77dcb6da5dbf88b36bf549a

SHA1
6fb6422cfc663a4732a2e0a98a0cc73e85afc86d

SHA256
8bbb68aa516a7d8d71714dc01da7a798a540d0c9584a50d37e75314f7c0ea680

SHA512
3d2770048d07bdccb8ab11ddd147aae42fe5bdeb85ef37b85c8acfcedee7f48f0e6ffcd39ab0d9d34e36b1cfc7e50e710c9fbf354c25f38cd3f658066b5b1325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e60c21ca47db20d9ce7e336e3e10ca4d

SHA1
5ea90a641ef2de639c814b4a156d53a13b67be3f

SHA256
ca9a37e8fa7412e7ff2052fc80da6d438c525fd5ca349d7174c3258340a37fb4

SHA512
b1d6987ab699e79eed0573b564430450cb6c8bd7ef10fb1ba769713c9e45d9d8b08b6bc39b271122a12c889638794d20b3f415d31b727b5cbfe114e825740cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f9fc307f0b9a3af74ba11e6ed13201b2

SHA1
70a2b0602c528f0eb511e9a4d405b77db62f6bf9

SHA256
f69c925e8a550f1476e437fda02672b79ddf9018e336d3ec7046a200e8042236

SHA512
1f6bed5ef0d3da1791f79e14bbfde8428d690547b4da29678230903b5afb302ddc24fc76d0853011f61e0914468aca7b4ca30f59b9abacb477d69097662c7b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d5ce.TMP

Filesize
1KB

MD5
70f2e702c02937608f1544c907b62d4d

SHA1
382a69aaa1788faa435432e7adb5d2cb1744e760

SHA256
06dabd5f5d54460587d5eeb7a3549053a9c809a102c50d9d613a6820d0c38f52

SHA512
f3594d90d93c904419f4180a38a806abf6638b0baf7ca853063901ccc29e52e44c27a96e1d085fb24ece9c60fad81ff00ced4c91b74a41a0cc6aa704fa0803cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
42a13fa33f27f0f796a106f0a0c2b6aa

SHA1
ea12654d45c14e7e28272f3c1173e7eb00569de1

SHA256
4838722809ac4663e539d2ade70f11d037adc0a4d0de0e9fdb48180728f080af

SHA512
149694796eae4e1278424397df32051966ed8b88ca929c1ebf5ba2ec7210cec728e4ea3715c5a82cc67e83f9b0cfc978a69514148671a314fa7f1f90f2fdc80a

Download Submit