hxxps://cdecyh[.]com/zSdb6jc

Analysis

max time kernel
37s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 15:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cdecyh.com/zSdb6jc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
1576	msedge.exe
1576	msedge.exe
1396	identity_helper.exe
1396	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2192	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2192	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 2980	1576	msedge.exe	85
PID 1576 wrote to memory of 2980	1576	msedge.exe	85
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 3992	1576	msedge.exe	86
PID 1576 wrote to memory of 5024	1576	msedge.exe	87
PID 1576 wrote to memory of 5024	1576	msedge.exe	87
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88
PID 1576 wrote to memory of 1636	1576	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdecyh.com/zSdb6jc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc7bd46f8,0x7fffc7bd4708,0x7fffc7bd4718
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18244434391685745555,6186436371023960481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
1a13687d20fd227dfc7ee3c6fb2ff9b0

SHA1
ce6246c13496110f2a3c20f6664ea5fda2ddf7d6

SHA256
7d355a39a2ff2e987110788a5d039038e87a44d7debc6152bafd6a8e97bd181f

SHA512
1b46caaf1ad0020c80b6483759e37f789ca5c25dd540f96b7c0310b0e0684f1025ac6a91a675f2bb07692943df3a839d0d7ba772623d2ef550cf358d03d625ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
403B

MD5
60c57a73fa1404a53c2f59a69577a8fc

SHA1
6a1abd55f3fcba19d2c1ae95af05c1dd1a01aea5

SHA256
d6005d0cb1a0814306ab255cf378e095c7930659b16a979e95a9960d3947be5f

SHA512
63ac88384f9b82817012080082089125434456294b815690b71fc93a7f7d40590347297f25a2afa5cc985b65a6d768cd477f82bfc18b0d9a9d808d2ba5d6e652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3c0967d138c459f9e144cae7a55bb19

SHA1
1dcb68912008b57b6d971bb2737d871cfaf5bc81

SHA256
89a8e103efd35a9684e72361e587cc3987d2e35d2ac09127c581c59ef1aaac2c

SHA512
233587a33189da37cba21b7675f7aaa307e65c913071365e8d37a2d019cc106d528f31c34369be24ef2c6c3d51e21a25fe12c619b5691a8f8367d492265c8e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
52e4d5534baec6e21656653669b5da21

SHA1
23e4ebe2625cf2b6b430b749873fe2be3748edc1

SHA256
ad3eb0a536bd8eb5adb99f365490edb9597c8df279b7e50cd4720e6b4f381c72

SHA512
2c06a51fc2e4d4c4c413aa1d44818a2e4cea6a8070624e12852643e401ad1125248896cc8b49049125befdc06e027beacd8fca1de8981050367740ed4b9e1df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b120e611abeb3f721e5d0b53e53de304

SHA1
e2c8fbd38357ddf98751d0e43bf0fd74f6f95657

SHA256
2e57d7260bb4442d206ccd2e11b417df615939be6c60d192f6fae7fd625e72ba

SHA512
aadb6b52355e9e7e5f1831c1c92442fa7690536a670697ae2c4c197b1ca081b311b4135831ddf9744cc8128c1f175a32083290e4342cf7ebf571997f634b784a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d65f59244864014b4deb53f756fcb22

SHA1
09b56ea65318575b22a3d83e934c6ffa4a2979b8

SHA256
83f5fab13b8854426b548480cd5a941fe744caa61b5b3e5eaf2c8780693c1a7e

SHA512
aa42c633af25e14940bebfc02695e51755b57b15002563c56670902b496175912a3591c756d80cf21c7a014d713726e1dca83738a3907baf465c0315f8a95db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\5e612a8e-ee91-40b0-9780-93cbc786e2a3\index-dir\the-real-index

Filesize
144B

MD5
7b8c6f2b9cb2487e1eb413da6cd2ef40

SHA1
38dde90f3bd914179496cad625263f8a8be3b850

SHA256
85c655dcbb779576aa438082b81625fa0a8d52ec08f5c775fc9b8defccbc1295

SHA512
209c72927ac49f0f38d0cebe58114d0d2a441715257c200fd41bc1031fbfe6be7c01a61fde80f6771e3db189f88c50e41d09a97edfc09e13cd2ed8c515ecdc2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\5e612a8e-ee91-40b0-9780-93cbc786e2a3\index-dir\the-real-index~RFe57dbc9.TMP

Filesize
48B

MD5
b089d0a2e1b66c39a3d0c22921b773a4

SHA1
38d9ecf951ebadb2b7463926a3799d0f7c7aed85

SHA256
5f52aef3b154a09ee253ab009e30201af9175939027eae7b5c8faa0988e09450

SHA512
6d3427cfd5eb9661de1b2d0d0737a0775907de1928f52f7ea05b6bbfd832fd50abeaf5e41515939b7dc41fc020527a836f38d27dfa2b6c43409a8170c197591d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\c8301b71-c484-4ae4-abdd-baeb32a7bed1\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
224B

MD5
35ca00c65c999bff7e2320a88f291f35

SHA1
9f6074bd9587d31747762fa8b6be1594e5d6ee61

SHA256
c26429aeb52d93e7df409f8c9c640a8f0fc9ce52dea50b7739d550dec50facef

SHA512
23fab7037907e05032c63855e0bae3e87f69b82943d803f76d360ee6434d3d691c85af32b0108bbe9fc291fab985d23016f9cd05cca547a6d9157a65c07ff13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
283B

MD5
77ca06db5cebb9a4290070cee7398777

SHA1
c2507f12f5bab5f217cc390d1caac53f20d3c810

SHA256
b09cfaeb8e26b60e04a12b6952915ea2747e6887157aa688909d3d43d09cf67c

SHA512
37fd5a24a1f7b9859ebe5c5e4443994432cefc762f92e62be2fc1bea5c10f45c21958c30e6a9939a6b235da19a88bdf9488a6a812f8f02d43085ef23c08012b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
340B

MD5
3819aca8f4dd0ccd9e335a75b6e12ca1

SHA1
30c0fdaed815650e2b41a62a5f71eddb9df6d9ce

SHA256
75814a70798f89c8914bcd3cd122d4f7d76f19cd15f525c1f49fa3588556fbf6

SHA512
399884255b3f4a9ca08f0f1232c081b2409cfabf423fbbe20a5daf5cf3e77a0ee7222c2ad19d0252816e82fd9721a9c6ab260981b7767604d062ae246bbd4633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
171B

MD5
680fa26de44fbcd29130d5f897fd6a18

SHA1
a1db0a06c8dd9ff86d066fee4732f779d2d52497

SHA256
938cbab08d8f774d9ff9264184e2cf7609c9f2b2f5719aa5818d033297e9bd1c

SHA512
dc79b3f3c03e8867cdddb905aea1346940820c806edb4009af55afa6773d82c43b2cf416411dfd4da6bb9280cac782fbd9110f0c7d0b1d08bf3d49c404e1dd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
333B

MD5
a2886375d24739a2721d21aff051fbe1

SHA1
9b293e00edae6c7211c85d2efdab6771d44b5246

SHA256
2883099e664d3bf8af3ee37513e9724997b2f2d5db74786363a849d5c9d4bbaf

SHA512
b6f7e059d90be9f6b20bab4ff75969a7e9454e90968f60fc4960e98a3ffcbc5fcd33fe4e8df18c0276c3332e08ecd24e7c7a3a2804448f959d4f023d53ba4825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt~RFe578ee2.TMP

Filesize
111B

MD5
518634ca50e36ee519cd55d4d3c36996

SHA1
c99d8cd174440d5e72de6946ba1c22c4e0f78ca7

SHA256
654d9d9fb6232a1a6b94412aab38555dfcff1ec540539e9959cb3ba39731f0b2

SHA512
8f1259d7c403a890d3db87d48be2c9462f35aadcd4dd48cf8fe67a63cf0e72d2ed6d147470bcb550a1fe61fe999f4373e0f32ad94daadf54c50e6551b99dd04f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7d34456c473784efada4cc209c02cb69

SHA1
248d346243abcae56133e13800b1f97d6f9d46ab

SHA256
3bb2c6c10e2a711a2606263cef8e61f701e6ea59b579851f24bdd7967efd60d8

SHA512
4af59fa962945b243147511cadfa5376946a7ea693ece52a86fe10e9b769f9a6ffefc6666e19c3893b51a0e25b64b10c184207b633e192c884848eb7c08656b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dbba.TMP

Filesize
48B

MD5
88e269d2a5af12ef1f57a01bfb73a2c2

SHA1
ffd1a1f4ec4401aef8e81bd62c5c272899b55a05

SHA256
23bd9cb17d33586e5fa9f85960bc483e1da8cd869b46bdd91ef078f0542a075b

SHA512
31e0be50ac7adbbd3656f15920fad1e543bda3bb6d68c0276f527ec57f2e04bed80a4f2eff35268cd59501327d941c92e0230fbb182b51649a2fddaa66c3db4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
f0723947798e276a809a9d67a91e76da

SHA1
f709bd0508d02d0436d9835399420274d1e367ef

SHA256
524d7bf90e56e815f759357516a856b07586bcebfbcfe0cfdba8c89becb75f38

SHA512
0fc6683f758c956d824a7d173539552006a16efd55bcf4a6937d8209a518a0178e2ffd47d2e2ec164bbef6cda895bde7bb340f1f0cc53ee3459bebd09556e81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57abef.TMP

Filesize
371B

MD5
828818256a3ebe875554df60a2781124

SHA1
b5bbfc5387c4e86a087454a15df23ef5ce3ffa55

SHA256
74f9015f0074f0b70e118b5c18c1c62c30ccf7a2b24619d905656d96ed1391f4

SHA512
7b138782f7113385d5e5af23279ea21519be6e61e47dd26389f9a4cf8a8b4e78c2baf43ee3cabca1eab2a7693aa4325273e018054cba0ea72a8bf38a00d46c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
10ff333a3597e2119ffdb5b62983eb7c

SHA1
7c7d3a108dcf159c9113d21ecf2b0de2942711dd

SHA256
52c9636149f8833a592990e8bddc78940626508318299b521b7983ffa1491ab9

SHA512
514841b446192c4b346474f6e961ac3fd7c72c895da21924cd2d23ba9c71c7be972a9f88b7a63239d0b2f87dc1916e4567b8ac49a023f72d0b5ee3632f745f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
148b7933bfbd484e1e0a64ba4c9c094e

SHA1
cd4ac491a08629c79481862725deaebb0d220053

SHA256
7b688d1a0d76566f636b422fd808f1d2160083cd551528a7347bda587853779e

SHA512
7dc8bf68e127df404e9c53a58e6e3d21dc6278c88d0259e8afdff7a39e622ded9f20587e361bee68e27828c6f22f875f7ea8c91929c17a3d66fc25e84be9ef25

Download Submit