hxxps://3lwr6yh166f3zdpl9tt1[.]ldimbo4[.]ru/12pi/#bGlzYS5jcm9zYnlAdm9sdm8uY29t

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 15:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://3lwr6yh166f3zdpl9tt1.ldimbo4.ru/12pi/#bGlzYS5jcm9zYnlAdm9sdm8uY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2412	msedge.exe
2412	msedge.exe
2832	msedge.exe
2832	msedge.exe
4532	identity_helper.exe
4532	identity_helper.exe
5272	msedge.exe
5272	msedge.exe
5272	msedge.exe
5272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 1968	2832	msedge.exe	39
PID 2832 wrote to memory of 1968	2832	msedge.exe	39
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 3212	2832	msedge.exe	87
PID 2832 wrote to memory of 2412	2832	msedge.exe	86
PID 2832 wrote to memory of 2412	2832	msedge.exe	86
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88
PID 2832 wrote to memory of 4060	2832	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://3lwr6yh166f3zdpl9tt1.ldimbo4.ru/12pi/#bGlzYS5jcm9zYnlAdm9sdm8uY29t
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e9c46f8,0x7ffa9e9c4708,0x7ffa9e9c4718
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6505156455586036973,13406901140038958703,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
0980c6db5b841e992edf7dbd983007a1

SHA1
905c671a636a96b486dae7e9ce0676ea3a041816

SHA256
205a53cafed00d788565dfd516f96dedd699309bb8a496f53ed9766cc88e78b7

SHA512
b207b895d5782c6cf2b429da1ef94ce61ebc0fe769399ba9edc15c33eebdcdb44cacef83f81d070edf532756e4d49a3be3c69c6a084cca5e67e838d00fd6fc24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
349B

MD5
fc3355876250843f1265cbe5ed5fb7da

SHA1
a986cfbca5bdd13972a320901d2179f24dbfb020

SHA256
3d90126a5dd82a0b693521b4af64dc868d6723f9d8b5a4f14c56e86a5986a314

SHA512
5c34d0b491c6b2d213605be021f0fb9729a8073fb389af8d468ac8db9b333fdf2b59e5e2bc24f7e8b8b75d04bb6e9ec52d6e0c675cfc3ac1c0590b78cb597780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0c974eb8884a6dd81a36092e1eb09215

SHA1
a8c862569be1bb695c47af878cbd5fe227b4c406

SHA256
a951885366cde70a69f00f4333f61ccfdef19a6af318b87a507d3ec4543c3541

SHA512
3b22fc176915ab365ad0d597de41a1aba681578210da2f70797b513d3b6c0d97f937f15d1f17db3781d0681ee2678c9fa363eca0b6650cc8507a2e016464e2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed665c7f5c66e2c4315492a600954ca2

SHA1
45983e8085bcb4ac8b20fa8c2af11c294cf4e2cd

SHA256
b32fde63b126f367297ba92210205295f710001074b854cb1fcdb50cec84787f

SHA512
b9b280c6bd50c626e109bb52f5767d4c37d1255783e6f63773063efc7a0887b8ab2a7ae95c5f6e0933e85a0f5d5e5591e372c78bfb035e2446824cbba73ae8cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db5d224fd0ad32eac7f2c2a14793780f

SHA1
f1dadd755db667e8d018d90af2c8a0dc9fa2c5eb

SHA256
c0c017c1ce59dbe3935ac90a57e5e00c0de001e0d6b4ac4676c904989a97eda5

SHA512
a2a7d28f6be98a39479cfa0fb25673bcc093a471df6fd7393b08cfc76dd2368be3870a1e2921e5cf68942e3873bf9c19fabb2f9601965d96cd09a0f1b9068b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\f2e8164d-f9d2-4e5e-948a-ae59540fdfda\index-dir\the-real-index

Filesize
21KB

MD5
ebcfa0c2a7f91f440f61ac4f5ad47fe8

SHA1
91d65b0148962fbb868dbd00be62d883e173a655

SHA256
5138ac90b0d5acf8879ce197365182fa255a7877c58f37d8d50d08b6981f6c21

SHA512
6cfe4fbb08bcc9e5deb9abe57b80a03801dcbbcb5f1145a20814c0915e0269cbc9633b33bde92794be33eef8cbf23a8e2d4510640a271b5bf85ab6653a2f4819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\f2e8164d-f9d2-4e5e-948a-ae59540fdfda\index-dir\the-real-index~RFe588fd7.TMP

Filesize
48B

MD5
70223afb14ec2f9091bf69c0b0636fea

SHA1
122d7b452844c04444f7cbcc957a14460a1fb7bc

SHA256
2be7c12ea75be1dcd58d9930267f137309ca953f2a312d91416d44a0e17e2bff

SHA512
98d5d960f701572392b5c0afe3403be4a3156225a90aceb3da8defe2208c0382ebe9ee54bd2edf771943a01f4c22514012b7fc5f758a96ee2aba2a61caddff19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
235B

MD5
a33b3a7f0bf9371e241e62b58f784643

SHA1
4bc7753a956fe34a5715e654f30e9bda1ac30ce3

SHA256
163c65bda0897f0a8f3f275c55932cb775aaa71fc2adf31a8d71aa79aaefbc52

SHA512
c74c97e846a5dc686531cb504eec95e232d36014636794c79fbf8835dfa59a4d36f555b443948e92087e08ca35e4643fbccbc7dbebf6a164ce5a1938c8876d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
231B

MD5
30023c38fd22e7dbed8362fd2583b0b5

SHA1
bc9db646754613074bd24639ca102465c54597cf

SHA256
b3e7a314976d87f5ac08c10737d5b8c47389813cc37cef2128f6ac8de06cf28d

SHA512
a1b647a7f5b931f4f2707ab9e94273d7aeace29f4df99a71c65c3efbe0f1fbe47443bcfa0beaabdd2af1f8306903c6425cff403ce5fb6cdc921ea28544a991bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
c306c57cca2614cf2ac1f2bba809ede5

SHA1
9d34217135151dbf6c52464b7e2217c0bf8a5df6

SHA256
b036ac5cfe254834b14da1c03b9c97414801b5a444c3dfcb35bb2711e42e9887

SHA512
74b33091fcbc657fb98db6be4a4aeba5e5f1d75e66f49b157f3ef03769f8b019c6af089536310659bbf02b073439f15e0695670a9ae2621c9d1f97e1b4c71277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58027c.TMP

Filesize
48B

MD5
ffd1c5943709e36c9fd82b9a79ce4e54

SHA1
c2c0214700783a43094b95e72667c042dcaaa959

SHA256
c18ae99ca29ec002c69cd906719581f14c99d8c89f4412624f48eed2e452e732

SHA512
32c839f9db66fd8205259604518029dba711db57bfb03b72c076587b8e8421ca980d1c10c275f55abee7bad77a8fa50f3d71024caa6c401cddd54f064fa46eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3220cef17e57c5e69a7d68feb71df2f

SHA1
4b61fe24056b0844785a98c401c4f28064dc3eec

SHA256
6a938e5ac7a28e776f35b38e1cab7b0f016e62564744cfcc089d90f1255b23a3

SHA512
282dceee875d01571fbf161738b78fcc18866130b419afbbee1b9e5bf0e31944a646dfa25e76ce822de878b8c91e8c5562152ed9294ff2f9cbf0ae256ff64396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f964.TMP

Filesize
1KB

MD5
7ca4ab641487c9f03915d7b345e4e1d2

SHA1
bcc6336252d0c6326455b7072adc06539719a805

SHA256
20c2ae117976decaedc7c7d66174b3267be9e15a287eb31e2ff30acda942d0ca

SHA512
b61f79e821f836d38ff50b4fc9e77b53f02d4792fe0dcc722506c66fa0a94f7bb0fe49c5ca5d0b04fd91cbdc29218dc883700645c3dc01c5f56b7f7defdcae2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0396fe39f7b163748624243f63c3829a

SHA1
e0db9c80d18c270f62a97366be5423f8f6e591f0

SHA256
4951d8f10de2848eb5cd768912a2b39fe13debc1930d3aa72ff94d0baea9968b

SHA512
3954899bccec2f7ed3d7571d4304c4e8914ab53fbec570832f4ec0e64cfb2a028b253aed1cb862d753466c82cb6173cd505e10e1e69599e8d8cbb27bcde84c4c

Download Submit