hxxps://grabify[.]link/99E3U4

Analysis

max time kernel
145s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
05/05/2024, 13:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://grabify.link/99E3U4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
980	msedge.exe
980	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe
5000	msedge.exe
5000	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3880	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3880	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 980 wrote to memory of 4132	980	msedge.exe	79
PID 980 wrote to memory of 4132	980	msedge.exe	79
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4636	980	msedge.exe	81
PID 980 wrote to memory of 4056	980	msedge.exe	82
PID 980 wrote to memory of 4056	980	msedge.exe	82
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83
PID 980 wrote to memory of 1484	980	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://grabify.link/99E3U4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc8863cb8,0x7ffcc8863cc8,0x7ffcc8863cd8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:132
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,18165203149807530502,796216790885769005,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c16971be0e6f1e01725260be0e299cd

SHA1
e7dc1882a0fc68087a2d146b3a639ee7392ac5ed

SHA256
b1fa098c668cdf8092aa096c83328b93e4014df102614aaaf6ab8dc12844bdc0

SHA512
dc76816e756d27eedc2fe7035101f35d90d54ec7d7c724ad6a330b5dd2b1e6d108f3ae44cedb14a02110157be8ddac7d454efae1becebf0efc9931fdc06e953c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bdf3e009c72d4fe1aa9a062e409d68f6

SHA1
7c7cc29a19adb5aa0a44782bb644575340914474

SHA256
8728752ef08d5b17d7eb77ed69cfdd1fc73b9d6e27200844b0953aeece7a7fdc

SHA512
75b85a025733914163d90846af462124db41a40f1ce97e1e0736a05e4f09fe9e78d72316753317dabea28d50906631f634431a39384a332d66fa87352ff497f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
32KB

MD5
4691023a524333adb2337720b52adde0

SHA1
a92c4dc3df565cfeed1e15ea4ff059ba01fd9248

SHA256
19f1853554fe7305eeed5dda5c8f0c01f51e2e14ca101f129ace3ae25f5c3d8d

SHA512
e7c9da80f49c888db06da32da467f8166c5e10374c207e2b7ad29a32d504c97491d96d5c298f4e070f857bff045bf4af25391b69cad5d5d379bb3054c4da8803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
73a660fb16898416c21ebcf60baa0deb

SHA1
76b4f4ce3c6cca79d9126a24c95d52743f9144ea

SHA256
48f3231705cb876cce90c4342e5c60b792b3b8ff18e59954b214b85ddfd2f7ae

SHA512
831af2a7f03b8f246f9425e21dc74a646bc9213792c3b12fb4872a9c8fcac7240584dd8f6672802b5d75ec86d7e56186468205658cd01b428ea7f6144079fc5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
f5f07638e12a63014c1a04e26db46723

SHA1
397f8e4544c79f79d6b492d1d88b1e811a1df001

SHA256
cfa797afc2da1797b5eb40225b3296e77449031347025cb41bd1205ee1c2874e

SHA512
5afb8892d7026a8f660d9f06b53a26c21d68f59d8fbcc1da1f06ffde03ae61927c9165deb5cd6760c081c2526a0edf8cde04ea079b0d056d95b042852b4e0a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
70cb42de3a1ae4c2cb1b16a65a4b0e54

SHA1
fea27b7d62b816205aba566101f2de4f9f4bc368

SHA256
41010135bbc919b511fcfaf3a870dfaf7a3b65f0fd56b654302d09ba694fb5c5

SHA512
da2c107ec49b030e99d8187d44ca3702b25c0a90baf32be0ea05c1207831a9c89461ff306455e2d58c593e9b80addc243892aad0ef05ef31b45369fb33370ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
24221ffcd732698cc07518eea8429414

SHA1
598de9a250327b608b6af9b01a1fcdc1ecb66224

SHA256
ba52656eb1dabf3c1b30ae152734ffa5db00bf2c7b9399ba6e758846be55dfcd

SHA512
6cec20a4c84b0c89bdf930e6d2f4a7c1c5e89fa146c4e19b2b9625c1baf6cea855d7eef584718d4a1b835ad20c2dee0db17c2ab6edd5592a7d069c7a62418ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
83ed19027a9ece089e97cb30949e682c

SHA1
dc69a0ec76a064efa88aca037bd900503d577f74

SHA256
e64442e997ae2d448310e8b0dedddaa2b0dbb790a2b084a96d4e6c16d6f2419a

SHA512
568e5c40234a034b8a94c54d4ec44efb326e8f6dedbf42f255854faaab957ab924f23e6462242939130299bb1d2922b32364599ef5b0677dc1864a1b07abf249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e071358df25c064eb6ab76a9eadba889

SHA1
55f8b0fcd2a182d4af24c25fa6798691267f3e6d

SHA256
980e1053ff9b97b2d3491d8d2d6f6d57b9ae75988c3da2dde23f80b55b83d625

SHA512
b9ef3423b00e8e1bd9f889e5be74ab3a48d9765a7fa866e52693b8c2d43e77cb8d352b13ca99f200dd8ff1e7012cce8fe973b59e8fa30ef0e28917bf3282bab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3694a4a3073a3d0bffa8aee79b28ab3

SHA1
f09d7c71202958a1b494175db0d6a3ae6c266c19

SHA256
8945ed95b1aa3d9a6e61d6916410eed727eaf2d0566a3dc17793b3222842cb5f

SHA512
aa5ca14d2e29d66bde614d4e415b4545328e2d3bd88503b5361314a8ffb44a35072ac7bc070c002dcbb610df9d793422f4623e66b41fd84fe17b209bd1a18cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
659d21a88224edb2363c5cf4688434a7

SHA1
c33f54de2f768ad3df96431bf17f0294ceff611d

SHA256
9771783115e55c1d5f45fa90bf4433ab3e3fc8b1b3285ba4d3312e00409ee302

SHA512
c1b716b1abd34b21fa32d8258b0401bfa52e8b758a8975918762e1f3a8f7dabc628013471679f3b72c48d09f8f137611ee44f41b6ca495603dab7b9c3a6b4b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c5fdd6b909912d69e2e19cd64f0ec6f

SHA1
7adea5d7bbd84453998549b51193198a87e9e075

SHA256
f84d28b895363309dcdd063367cd3052c0beb6963a2dcacaee40f92278a8587a

SHA512
ac7dbd0bdb7a69cd4f3f50a18cc93f2046011daadb6feea93fad5d870f0c61641ea610727a1a0296d8bb2945e124d76e834ef0c77755112c0d88112efe71fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8cc46362-0738-479b-9e7b-741eaf8c96d5\index-dir\the-real-index

Filesize
624B

MD5
cf31ddc8cf285459c93a697f1c348eae

SHA1
f9806d2ed25322b61d9235f69ff86e2397718167

SHA256
d544fab14f921352284300397a557735c4d69aa3d3ea86f19ab740a03b9282cf

SHA512
5d2eae764ce5fead3f852e4c8721f9a4bb2bccbb88671a4acc1a3de2158d57c631b5b56227ba9a0f551a8a3ae6584c3117a616a6dc3db8e5faccab36f9ebd8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8cc46362-0738-479b-9e7b-741eaf8c96d5\index-dir\the-real-index~RFe57fbc5.TMP

Filesize
48B

MD5
27d7ddb8493fa5da2143ce74d2b06d6d

SHA1
a723eb642eb1f2027f7cdff224cf976c6113c577

SHA256
e147a47c0fb4312914dd8113ae55a5938bb08278368608cfa97bc799dafc3ef0

SHA512
370f355a9a75ac2d65ea145226a97f852d4c1e76e10954baaba7a3f7aaddb68b6e8490fcd8b3824a165748beb29c47c937d2d27888aa7f1895d9501e9d66d926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\93fc540d-d691-453b-bdf4-ed8ec40d0769\index-dir\the-real-index

Filesize
2KB

MD5
8dc929a828cc6afdc15a4a1cef7a021a

SHA1
9ddba5c0c2624dffa35ff0b36df72d40ec39f208

SHA256
a395f88eeff3ad1d4e5bafc24afccbab3d3a82104c0e81b6e6dc0a0553827b98

SHA512
2980b214c38b869acc7674d3b85b563d96cb14a784c8450561f95f3897af6ee4c1d4fad000317ec2937fe5738aca36bedd6400d1b2fe65307de0122d25cf99c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\93fc540d-d691-453b-bdf4-ed8ec40d0769\index-dir\the-real-index~RFe5795e7.TMP

Filesize
48B

MD5
b480398c45dac950d688acb47d8bc1ec

SHA1
cd2a5690f751d6617d1abc9bdc0ab85782b51fbb

SHA256
8bbfd3ae1c07cdece0113f99b4627cd8673e6943e86b66e2567336f5531f2543

SHA512
d10dbe5a7161880a43aca0b7e28320d5c0bf32299c5904e8d5680acecaaacf341636a204fd7d8918c139e2e984551bc93b90230c285f7935aa4f19f8965b7805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f0e0c5cc-ef0e-469d-a83f-384180005e08\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f0e0c5cc-ef0e-469d-a83f-384180005e08\index-dir\the-real-index

Filesize
2KB

MD5
b8506ac93b8c916390be98096235e4c6

SHA1
4d0aebd5b559a1f536db5bad2e119c5070c84b8c

SHA256
585d5afb8c54178a342e48ecc3a30930435ba08327e80cf99f7988c433bb48db

SHA512
ae6c4f4f8227ac000c65ec2e8c1700ee5e35ed64f54ad3d1b815422f1d79f26dedad6beaa80035d2c2ab3e7ffeade0f895254bc4d1ed9dd894c80e5e65f0e306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f0e0c5cc-ef0e-469d-a83f-384180005e08\index-dir\the-real-index~RFe57fa6d.TMP

Filesize
48B

MD5
9cfb1ed80fd16a7ba43be3c2f8f126b1

SHA1
26436e45b639a35a0ac3e67b0754a3101c3170df

SHA256
84f1a3e321ba4b88147178bab9e789544d6dbe7d47dbef5d1100013c446974cd

SHA512
dae9ed027f99bd703257bd5c684d15d69f14c9629f4eaa68a7797fd0ecd23e30b419b543e82c0330a042230a43bc05e860f029eb354594830f08f0e6feeb7f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
fee413791a49b4d5c1c7114a03a6c3ac

SHA1
ab45a86361df318b7614e28b05ae97302c8118ca

SHA256
f566e3110f8cec212e92d7f5ebc58fe779f5c62931c70a017c43ff76b9986b1f

SHA512
85e8cd584d9b3ed56677b57aa6bcd7a221fd1f0aea77029ac1149e4085ae6f13374e96ef6661c63af793fd2533ca3b1f3733724bc3b97af0cccf25a685a5c66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
826f6e821c2f60a0a5d1001e4fd6f5be

SHA1
008e4e6fefdd9f206ecb52c1e2ac4e2d70851221

SHA256
6f6de418180aa9af1b46388399953f3e26cf08ba153ad95652d89b087b07cd4c

SHA512
9f9bbc4d36a568f040685079dea7e0d72863787ed78387ed14d155ff660a550ec644afb22f3a58fa8d0c7ea663a9675eb579111624485c853a0ae8c575e575a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
ed1607162576c9aae5f9b0baa7393a09

SHA1
495510f867a973a71bee5401f20fa1fd22b91efd

SHA256
b46222cf2e0219e9876bf1cd7dcf2ef8fd585dc6e7d76063a3fdf1b837d42a7e

SHA512
5114c84d0616c312fb802fd5a3e385ee43d0d7b4ec5783d00e5bb106cfde7de95a170256888eac09ea5f53b3f5321e00b63c833220788e561d80bec54eda8440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
0674c0dd1cab6d9f1d651d586d750c95

SHA1
69d767dba2856080d7c61fc6dad978f45a8fb915

SHA256
af681fb770544f046ec58c9b4623c76a089720e0faddc1a80d1b68fb0e99763e

SHA512
0f2ed46bb182449ffaefb09f5f4b45ed89046f348837d5ff01a1d4e9a5624aa50032935d370280585a8fa60b7fc04625a5de9f4dbfa8e95ee47a81b6ed602ce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
d746a89f81ae1c637f75016aaa9149fb

SHA1
a86e43fec97fea2c8f194511b86ec12f86202743

SHA256
16c033bb1a62c697473c6de885a66f99704d4f10fe010ca70dee884a53c84181

SHA512
dfa852c1e026e7709668049b3f01c8f43573f1f319fabc3a29979b76988493157939f045363ca45fbf5755965dc17cadb49558494344e4048682917ad7cb4ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
ad41d23b5e83654adc9350d40dba6753

SHA1
d882643340a72a5e909b8f1881551e0ee7e0c71e

SHA256
ff23665862835ff20429ea6f4d92df4a04d8c9bea26c60c5e6e438507d5ad069

SHA512
42c1bd42d78804e7aaf93a48d6c1fdd07d9138154eb1127d47879aa9e6cf0fd8a00cc7c3694e4f68b3cf7ba2f8f4360f7875ec297bbdebd94ceb0ff08857722d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
be596c23e196c352fa758711d7e4148a

SHA1
a68c7c84b04ee0912ca8589f5fcc58138ca525bb

SHA256
6bc72b341e9492a084298f8f9f0b15f990d90b520e3314486eaf0f5bd49f23e8

SHA512
2b681b7a2ad2d78a1472ba30d2e572fe020819baf248dc94ee02d767bb99508013f31abcaa9816e36299a81b4eb77b8d34687451134116b4f11644aae95db665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
86d8fad3c9b7a924d08afc8a025149b1

SHA1
784cc3418854e082b96d8fa6958409473f452fa3

SHA256
c275357fa1f7e9c432dfa9de1b6c6c7f51eabed41a336336fed4e2ba119782ee

SHA512
9b6f8669b0ed4d0ca149c0c0219c4c858bcc790fd3c1e824a1bb50847b0e70b748178a56e118ae58180dda2adf5eeb6913ccddf4b8ef01f893c91f6970ce46b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2690d6356aa77709997fb534d298009a

SHA1
4c686883fe63951c52e9434dc7c53cad8ef2d1bd

SHA256
2e9dddb690a423e068677a67f9358c94dd108a2018f099d6d2969c1ab24562c3

SHA512
161c47fa5bd1b0b2ded36ab6f3f171d22bddcac45c17ef6ff1e81ba90ec521c7a8ef64c645af1dcbe35c65f469f553340475f3379e010548e96c4ff1cf8be7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57eaec.TMP

Filesize
48B

MD5
6e2f12cb5d8622ea65ef670b68161a08

SHA1
2034e3e749ab22463456eaf6a8b1bf1973651131

SHA256
82cff1b3465963ff180968e93eb7cff6805a775e05e36e1c8afa6a20d4af6ff5

SHA512
f60ee2eb4a2cc93f64de0084414afcbfb4da265b41ffa7560bf23d0a37725c6fde4e31704db329f94835b91f0af3c69668b40370e307438b1828c3b4821cf902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
694B

MD5
643f4df67a14a6d67c239f28613c7de1

SHA1
fb4e07fc8581b81d5ec994a68e355a19caee320d

SHA256
d49545da850b4fbe6f8e410bae264b2f207174abc3c423a99b543900c15664dc

SHA512
90d3f04c238cfd4a84f86c5302ba9be61e1f131d58610481881b76db49b328b0ceb4d13feef6e7f9ad7a9b352d87fd5fc27cb7620428a7e1bdfcccbab52b7dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bc99.TMP

Filesize
706B

MD5
365cf8942ebc19db726c88c5e9a82c71

SHA1
8fa8b09c5aa535576be3b82f9bbef8b6ae2f6f3b

SHA256
036378e3a393e730435f767de32d9160d07082c00ecfa4dc91fdb7fa160ed422

SHA512
6831cfd19a0492e4ef83a09a9d13faea4301e4dbc7c27cc6ae2a37765a6e38e703597b3fee7663ba84db6740db4149cc3ac0ac701c83ef549fd6e438a4bd7d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a074a543192febeb4694f341bd5ad6f6

SHA1
11345ca4891983533efd106a2a15c9e97ad71e2a

SHA256
a204b29eaa8cbdd6b14f303646202a4b751a8d3475c51c13c470462d5b872798

SHA512
145a931c931a881f45bac534d98d870d121afd9b4b2bad5656eb1d6af526c003ea76d749868c0e22a1ea087d2aadbbbc82964c2dec807f8b00961f60279155a4

Download Submit