hxxps://4gy17rwttqj02lx19azo[.]u1fehzu[.]ru/5phl/#f[.]off@fake[.]com

Resubmissions

28/09/2023, 13:25

230928-qn1mdsbe61 8

26/09/2023, 11:19

230926-netflsgg9s 8

19/09/2023, 11:47

230919-nx9kjsag67 8

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2023, 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://4gy17rwttqj02lx19azo.u1fehzu.ru/5phl/#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
3444	msedge.exe
3444	msedge.exe
2472	identity_helper.exe
2472	identity_helper.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 2272	3444	msedge.exe	84
PID 3444 wrote to memory of 2272	3444	msedge.exe	84
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 2392	3444	msedge.exe	87
PID 3444 wrote to memory of 552	3444	msedge.exe	86
PID 3444 wrote to memory of 552	3444	msedge.exe	86
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88
PID 3444 wrote to memory of 4768	3444	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://4gy17rwttqj02lx19azo.u1fehzu.ru/5phl/#[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffcf13346f8,0x7ffcf1334708,0x7ffcf1334718
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12898582674038127269,4651601524038329263,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d8f4eadb68a3e3d1bf2fa3006af5510

SHA1
d5d8239ec8a3bf5dadf52360350251d90d9e0142

SHA256
85a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c

SHA512
554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
4df7aaf61e287df7446572bae740c0b9

SHA1
59a02543a4abc8492c27463270e65234e03547fb

SHA256
a23d2b739264ec42b9e9b41a0ce924dcc05fcb67477711d3ae2293adb2675ce6

SHA512
6926c426c3a6537b11983ff07847b8e626573ceb869eb8c3d35b7e9ecb1f6197f289c00b92eb7f9fd3380d17d915a0ab3238644e5c43c521d16539cb0d08ba5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
349B

MD5
2014ea97f8374345139ea837f03b16a0

SHA1
5d58e152d634aab9f0744ffca6eea70c97f9d892

SHA256
c0bbea26636dbe991f67e7767fb1a8be8334f8dae6f74bbc9197a98c4aa48a3d

SHA512
3b721dbc2ad790deb3036698dd4e64caf4eb8ba06edd1a7fac695e28995ae49f5c6978c21c69232bbf83d16a7a50d5f325e9e170ac0d12dbe88adf3ae17ab1cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
272df90a7e1c76d8b60026fb8ca59757

SHA1
a282374fc367a7fa18f8046bec2386edcff6a446

SHA256
fcc7a686b76838672580397448b91544fb1f9c19c2631ebd4505df491d0b1a3c

SHA512
2d95e547230ac11407d98eb96f46e43f6a8e3b333fa6bd24bd60d94951b6c1d5d5af83661c30ac2c86c683838345972c73446b1f518e74beb401b38799170cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ecdcdc22db29c33d9d8a123ecebe22d

SHA1
f3ed5b33640634873302802f71ab890267f47f12

SHA256
7cab731bacb467c6ddd9909455407ca6f906fdbcb2855c2815c264dc334cd697

SHA512
c675d2bd5ea84899eb7c7fe04dfa781cb728e08bd6c2e85929ce0fd8d1691a7b91137aedbe83393f155648674c175c754569c30631f71fb378602eeaa33154dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
944b3d16b03bade3e562a73d9aa93de2

SHA1
1eb113ec01254a018454402dd9392822e5489fd6

SHA256
3db7936a9d020176e877e8bf9eae0d86ca1df2f3fa9b2e260ec4670ae1203a1e

SHA512
b10589a36c46a3ba354ef2912e88b6253593b154bf29d6819f962f742d6ba38219c9a57225a29483fab2b70d8b245e98848d583f72e17698d031eb6a57e40bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5502f7f3f038931007b4cb8e6dd47b71

SHA1
1ad90d5f5233235010f8f35065ea5cb58f508975

SHA256
92393b640070f247d125a17cda4f229b4c2ad9bc471eda3aad68a4287af17c38

SHA512
b322f48056c6d6970b3e4b5c0065ff775048f03c60643db44dafe07a8f9bb79ce2591167630149aff317055dc144d90d0f61bd25a3cdebda02b56ec754c9f416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d985875547ce8936a14b00d1e571365f

SHA1
040d8e5bd318357941fca03b49f66a1470824cb3

SHA256
8455a012296a7f4b10ade39e1300cda1b04fd0fc1832ffc043e66f48c6aecfbf

SHA512
ca31d3d6c44d52a1f817731da2e7ac98402cd19eeb4b48906950a2f22f961c8b1f665c3eaa62bf73cd44eb94ea377f7e2ceff9ef682a543771344dab9dbf5a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\d174af3e-3e65-46e9-9f6c-7f83578fe82d\index-dir\the-real-index

Filesize
21KB

MD5
5d67eb79de702ae0b0796335ef25b77c

SHA1
04e317bf06a240c10d240c781679fcdb1ebc96a0

SHA256
17c57062b81ba2554bb907e2add025702ef5fc80727e4babed30a4c7592d0d42

SHA512
03ebbdbdcae49e7b804b6dc473d9423166e5a24cd158f5b8a438aaa1b56110e59abe0185f76df3322966b6b9e6f6351e4c142e98bdc253b3bfb65e2ff5926749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\d174af3e-3e65-46e9-9f6c-7f83578fe82d\index-dir\the-real-index~RFe58f3a2.TMP

Filesize
48B

MD5
ee1ca4396f9a23032c085cac754064a3

SHA1
d335e2f12d1df511a40a497e637f73427b66f227

SHA256
ba211ed23878528548769a78676a65b7787cbb71d4ea7733f74873dc3fd5ec8d

SHA512
2ba220722af03c31ca10e100a7de79a3df7097d146dfd34817b526080391da1a9b12d79698d27f66bb8b5f6bceebc5b3169ed9f8b28630179b1cb2a9adb3501a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
235B

MD5
677014461e1f71b1ab0038eb56e39bad

SHA1
a43ce019976d0f86176e275c7f95b8bd9a444e90

SHA256
e95988c117d25ed7a93ad2b8193cc51216639ac2d23b004488c296c2394797bf

SHA512
f0ad0cda9084ef230cae1ca87a626686f4a827b3e3f64ec8164e1d59fb7f7f452b62e9741ea7002ef3b19fe7ba4ddac565bb3dad15e5b49ef3ed534e445d11a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
231B

MD5
964d9c423148bc99ab341e915c8026e6

SHA1
5babd8db5810d22b65dcb5f0527afaa6876ca0c2

SHA256
cc39a4db48bf1a8142699f59a561843a03a3b3527352cfa8f88cdf361259efa9

SHA512
983843480295ad9c837246aaecdaf2bf741680f4edcfe88dce03cc6f4333c56824cf6028125a4434d1304f28d9896d7188285d9f485549a6fc1a7d2d6fcd9535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
0599f79f7c9d2b9c83779899003f8574

SHA1
78f4f7a5d78ee593ed6346f59b96bb131b267f7f

SHA256
8d4929534c415981272a1ba78fb8b7ceaf9619dce66788cac21a9d52c951f602

SHA512
cc51dc3ef2deb8f3d1a4ccad5ac4c99c99d3b24675d8371e4699035077fff25c4a714f7b16336ae8e6e176864c4e73f6eecce3f84db9dbddfd07871605046cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58482f.TMP

Filesize
48B

MD5
ef796dacc42e7fef1a4039d40a397e2b

SHA1
ba2565d2691301530c12307fa3ca764c95a50460

SHA256
959a2127eb3687546ea80160b3a0ef936ce17426905f07fd49a576062af0c856

SHA512
6d945243892ca70b35135f024bc04821d3ec63320feb8e2e0f3b76d309457430baaaf4e5469cd88cf1a8dcfdac069b3dd119030cc1cdfb3cde486438ff7b30e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
45f09a5792b1d33a2292fbcf01725070

SHA1
4fd053a248eb60dbe6344885b5309c0f057f0e47

SHA256
a868eba5181cf8a02cb44af68bc9102768910a4fb86a1b7e49051921361d7ed7

SHA512
4f3264be66d58364128981e7fa4779032e9f7998d92098ed30eee762d61749e80a5d547786efb8cfd9b53f0c4a14e11b36699686f2c4c2bc099038b4a2ab31a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5835c1.TMP

Filesize
1KB

MD5
120408a71ffe32ecb72d3e6eed2145cd

SHA1
8d25cda13721f76354ae636d019b63f020928067

SHA256
f23d0aab58bc2e93946481fdfc4800ba9d9f190741884bc85e3973912be00df1

SHA512
156d0e24af9065225599158bc67f1e35ba8bf4d488886140ebd35bd6157481d3e2dca7307a6b96a0fc63d46840341c5954b550096ad8029fd7a5b711599b691b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
244618e5e306383ba58b96f292a4d4f5

SHA1
17ec23629debf16dd787e6705e2bc97c500cf680

SHA256
f4d045218ce914a16ac2644dc0bb982b9c38a82903e9eb0daf9928a5f74ecb9e

SHA512
a346ba53e5b8746fe1641ddae8770475fffc02adaf8d689cde6779cae74186a004b6ea8e605138651fa2356efb95dc6527a38b833ddc5d4043e37bb9216aa266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
692e2b81313133ea4c519227d1ba55da

SHA1
d7d99255581823bf69ed4f01de274fc42b90cfa8

SHA256
d66d733314d9c399e8a48d6b1ab9a01ebf2e0fe9fb360d308ac472066d9c053b

SHA512
e639efb51c3ea63a052c203a8a30822668d8650b5308ad6c7a1fcf2cfcab975ab9ec601cbd730d2b13ef1a4063e85d6966e28eecd0e5a6c67993ca6eb9d1ac7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c7d6ad979aad896f8b6da73db66f2bdc

SHA1
7df399f8aa5c4e45b32d8ab197c25ee610404162

SHA256
1ed2d197934450575bc0c4602b0bdb3d36821c2c8dc43e26cd0053f8f24edee5

SHA512
fa16b52015ca9d84b925416d69e1c69944ee23cf801383354e5f864984c155cef1ab02e1063aedbf28c93d4c207920803d23ee52d37bf3151e6a5d6e3e9c2d82

Download Submit