hxxps://ssfslaw[.]com/click?redirect=https%3A%2F%2Fvm[.]tiktok[.]com%2FZMMXL7WmK%2F&dID=1713320910991&hashId=452097f4ea96930fdc6a3e0bdff3bdd4d183f36161b4b1cf4b54c57ba122986e2dcd32&linkName=hxxps://vm[.]tiktok[.]com/ZMMXL7WmK/

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ssfslaw.com/click?redirect=https%3A%2F%2Fvm.tiktok.com%2FZMMXL7WmK%2F&dID=1713320910991&hashId=452097f4ea96930fdc6a3e0bdff3bdd4d183f36161b4b1cf4b54c57ba122986e2dcd32&linkName=https://vm.tiktok.com/ZMMXL7WmK/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3180	msedge.exe
3180	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4544	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4544	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 5108	3180	msedge.exe	89
PID 3180 wrote to memory of 5108	3180	msedge.exe	89
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3780	3180	msedge.exe	90
PID 3180 wrote to memory of 3300	3180	msedge.exe	91
PID 3180 wrote to memory of 3300	3180	msedge.exe	91
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92
PID 3180 wrote to memory of 1384	3180	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ssfslaw.com/click?redirect=https%3A%2F%2Fvm.tiktok.com%2FZMMXL7WmK%2F&dID=1713320910991&hashId=452097f4ea96930fdc6a3e0bdff3bdd4d183f36161b4b1cf4b54c57ba122986e2dcd32&linkName=https://vm.tiktok.com/ZMMXL7WmK/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc470046f8,0x7ffc47004708,0x7ffc47004718
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,355860987772587662,2761107275108206649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9b63267f-fc67-4185-9993-d6425177c1f0.tmp

Filesize
1KB

MD5
b5dc94df17284bf22f13f882dd12e64e

SHA1
c7914f6a427701ca5d96ab0664f3929ffcb6e5f1

SHA256
28a2ce3b222b47bac2f200cc7c5518c6c2022a3f72a6d3e8a02a7206cad6d96b

SHA512
6d8590dfbac225b8a9c9df3542d71050862decf47a8707968f0a077bc1d36cd246bbad4ee7ef1f666a53b21e913a5f67073fd8b7321588f9d5754a466d6cd2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
281aa10817c760fd3e4b34bdc6e4a198

SHA1
19d7b6d33744063bc33fdd1df08f36a81aa2cc43

SHA256
587e394cceadad8ac76381bc2abb2a9436ab8073affb1f6c129918d7044d3970

SHA512
43fa2e26bb9a955f39fe3c566cfe16a3448fea61bebfc891e9786e34e33a8ec6a7c3c6a99799b4872afb7a76dcbf908c5cfca546483cf46d05d5b26f4671b49c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cffb0635f37c3324034d61ba29732fa1

SHA1
48a2077ce4eb30b8bf1079c9d1d70c68b82c540d

SHA256
e6fbe46bc88c200943c9eac7a6e58e1c35ce0f11c67d4e5478b327227f03e3b3

SHA512
3530c815a2bf1b14f27fd91b1f927a6340cd44cfefc63b4655c8832fb05338dffd94d25e41ea14d6a99b6a71facf4b49963cfc85db855109a73c5658fc490391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
595f0b6da86e5d58cfa3614a44e7de46

SHA1
e9078c321d48a545a280ef3725ce692e669a03c5

SHA256
c265a754c5cc52cb58d2259f6e4d478efe8145565b9bb41c3dc52936e54dc913

SHA512
dee3683c02e6e4e02850ee9e1e7b7afaf5a151c2faff9c2d5f80272f3e30a3a6b5bdde02a69b5fbbc76bb075a882162ad9b2c68b663a925d68cc3a572ff8bddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa704ce38a65a98c21d3fe5a1b69ef2a

SHA1
4aeb3d0b45b3d555fe0596ac498d74c66720a2c7

SHA256
9c36b90bbc460a62930a5a0b2886400131c20f6fac58aaaae988edae898b7158

SHA512
0c5098ee3136086412b9b4981104d5740205fe3c4db4f24b9b3f18482f0156c9c727056e7c888abbeb6736b6445d66c491f529f8761f1ad156f3f0505100269a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
64e429f0ed17be7b7022802e148c3437

SHA1
0fd2a02248fc3eff14707b62c4a00b9b13730e00

SHA256
8a382dff25e8e2772d45630dce462cd7132639513a08d3128553f97a82194069

SHA512
a78f03e78bf1eb792ac1e8d9c3cd8cf49a8ff84a5fcd47a40f15fa8a2913503dc5258d4a3123802330d9bc2e7546125a1583906b8511f3ef08a1cde9db4519fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\980340f9-4330-4ef8-b96d-0ee24e0ba1c7\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\980340f9-4330-4ef8-b96d-0ee24e0ba1c7\index-dir\the-real-index

Filesize
72B

MD5
0b2664d5f993adf39f3364f7d1371753

SHA1
d528340baa3ae636575996ca90d3f9ae825b1163

SHA256
c0a88212088d0b37a5f114824fa3fae756f3140ef56fffbfa10836d9ca3d3e14

SHA512
08624d18438f72b78b55ab0672001980704085b6a2ae06ca2155fd4105fdd5bc15ca88024ffc48519807d52eabe708f9d92462a7d4a01d2a80190266d1e464a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\980340f9-4330-4ef8-b96d-0ee24e0ba1c7\index-dir\the-real-index

Filesize
72B

MD5
bbbc3392454f13d508135b7cbd9a1da4

SHA1
d772763b59b1d0db97f396ea5239a64224196730

SHA256
15c6fd3d93f4b6e8e18729adbb315d928ddc0c509dd0d6c22d24d93134e61c9c

SHA512
c4ab73d7c4598ff76133a9e6f2a0ef08d72bd4461c3ba47bb00aa9e43673ff9bde63ffff03d1ebf71e46967841eb99af3eab11cd7e89ba57f62026062b58cf2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\980340f9-4330-4ef8-b96d-0ee24e0ba1c7\index-dir\the-real-index~RFe57f52d.TMP

Filesize
48B

MD5
4399d2459c6bb0bc69146185eb69fe0e

SHA1
d01349345f43a20933922b8b1a62f8ec7c1393f5

SHA256
51edd2c224ee50fb50b8d68cf589b6d2d4a9aa6d4b16331d2a4425233cf48887

SHA512
98b6a8dc598ab14b42d475a88480509f28f6559990a5ef62e3e30d847775c7d47fed5a0409e4998c798dc07bbf9a0c18145edc79e455ef17c7eab2f6761f83b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\a9742de3-4f94-4995-a85e-4446d5579c7c\index-dir\the-real-index

Filesize
456B

MD5
27bd0bc3471d2718dc9e12f57ac867d9

SHA1
4b3ebe156e36dcbf5b47b98da651c5b6bd37a375

SHA256
e09fb6ef2696eef58957b4dc1ac9f8e6b28ccba951ee3373c6ecd3b3cb1dd412

SHA512
7654cec65ca9683f9dd0b4ecb73f09d736e3e82b23c883b9481b16ea083f593ef4ec1a778a8979b8bbd9d4a1e04857540e0a99cb4d471ad30fe436fec17d8118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\a9742de3-4f94-4995-a85e-4446d5579c7c\index-dir\the-real-index~RFe57f77f.TMP

Filesize
48B

MD5
de8e6f4f68060bd0c10509fa0fa527f5

SHA1
be663c58a364d2aade785301b5b3a69b9b311b93

SHA256
0bb4cbf7aee50c65f13bac9cd7508c302360e6bb767cfd42a020222d0c380b9b

SHA512
527f0eda38bf1337203239a633bca4f979bb6daa74ff4ba7f081346c5ef233c080adf977d361ee1ff0bc9e090dc7db61e6667bd41ce5e2f24f05abbfa658438a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
168B

MD5
3df9003a50e3b40a7f76339e876659b8

SHA1
4df8fa6ac7b5dd50a08a71dc9cf638d1c676c203

SHA256
ced48ba6bc2f4304d92f58ff1ad746c0d39d3a97be1236bb67c508e39f5dc4d3

SHA512
3ca0eb92dea3a6fbc7434e225a4e00ec72b158804b1146e79f87978ea231c9942abd6409490525618b25c8e7ef43a268cedad31a41d7604de7919e9d0eff28c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
165B

MD5
2ffb7c98df804f667faa94e26c0add7a

SHA1
8e8296c496edb35a515cff94bdf305cc8ef294ca

SHA256
bfe81bda044f815531d18cb5dfde61f09f6a1fef42baf7b9545985188916c0bf

SHA512
56a158a02307e3e7c3e82c4658936011cd7fa1be5343780c27da0fa35ea7cbd24a1373e5d935759a00b4b8aefdb6fb01890e3267f824c1c61f4465b78bfb1a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe57a6fe.TMP

Filesize
102B

MD5
bd136cfecbf4741df2d7a710f96315af

SHA1
a1310433b6d250d225b8d00712a914c8c9d493ba

SHA256
da997b891fdbeae6a1b12fe2eb598a4948621357f531124f04f5fd29b79886d9

SHA512
57214f38fbc1c3caae85fa6aea08e9be5a07c687435145be308171a4876ecdf188053b1ec37c974bae99c170dde3217f12a1aa983cdd28893839ef1174d789d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
9ca8559c1c3f39d04263907a088bbfba

SHA1
0b73cd5af9217b8aed453e616cca6e86959f2bff

SHA256
9099efc0f1c87e8e74242e3ac7e9f768963dc46268901ad0163d14872f2cb3c8

SHA512
9c2cb6feee6f65ec54a5be25cdc165b6e52e51dd80301a4aba41a929708a06585b9feb5234f7e8c19d6a51139f06c461100e4e0cd68d37a62c63ae1a49a883df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f4ef.TMP

Filesize
48B

MD5
db85a4b8d6d5faf14ea4d33c11d97797

SHA1
2050857833eedffb496574f301114a9f054bebcd

SHA256
61436c4e91518e1a4a0532af6c3a92f59f3219fadfe1b456a13eba2c5e345c78

SHA512
e87ce75b3bcc1a9ff0f45c43112849c9957e26de29e9870e4019a3b3973ae4a9f7266f81930b9406ef073e59d45074d232582748a951baa4add49ab3b7930ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb09.TMP

Filesize
1KB

MD5
a4e6fee4b6112a9c03bc394b829cd211

SHA1
034f23586695469955058dd748f055faf9b7dc09

SHA256
99f96123f985dce6098b2408ce8e87f4157e5503b67c259919c9d27d397abae1

SHA512
760d1d8c9c655dab9cc1d791f739da6928ca57e03cfe22761453770ba38ba6aa69cca6071096625bf91ef8b6d9a47d392237d1da27496f2a570c82631eea8f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3ccfbf7d6d634fbc05cec52cddebd7d7

SHA1
ad051888f7a736b24fc11ec4497df04e25e4c1b5

SHA256
32233d5133c1af41342bc8b89036c8fb8d2be002c59f7a84d3a00c91ac1259f9

SHA512
c537113995c6a5860d2b3bde8da3f2399fde2d94fb91616f883a30db1f8e9ffcffc2aac5caae374d6fe4641d5219697cbd27372f2c8f789ebaaa4e05cdef159b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
25aefe507bb77686f4feb99c1497e2f7

SHA1
16680a4abbc2fb14bed289eaa256d9df53c44906

SHA256
7efda43cf8dd354b5ac62fde4e519e75d4299b5178e961b3484ba2369dda6c1e

SHA512
639c84ec81805e21a71b083ab29d5e6b404f6eb14e6bbee8eb9fc223bd6c6b3e97424e0c97c48ca574e4c352bd68cd3a977c89c7be3ede9c0345f898125d9b81

Download Submit