hxxps://ngko[.]ktalk[.]ru/kx0qtqpnh9jk

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ngko.ktalk.ru/kx0qtqpnh9jk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{1FF6DD8C-2858-4DA3-A9C4-377226F89C14}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
2256	msedge.exe
2256	msedge.exe
2236	msedge.exe
2236	msedge.exe
2524	identity_helper.exe
2524	identity_helper.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 1112	2256	msedge.exe	83
PID 2256 wrote to memory of 1112	2256	msedge.exe	83
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 4508	2256	msedge.exe	84
PID 2256 wrote to memory of 1360	2256	msedge.exe	85
PID 2256 wrote to memory of 1360	2256	msedge.exe	85
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86
PID 2256 wrote to memory of 1412	2256	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ngko.ktalk.ru/kx0qtqpnh9jk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6ed46f8,0x7ffea6ed4708,0x7ffea6ed4718
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5677602110735785027,8318072307305808407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc 0x150
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
e56bec23b0b6cd99696fcf446134f030

SHA1
276cf768a114b0c0172d36c7bc127cedfc5d6bfd

SHA256
c04533888776f5e64e113dba931bd595cc6e0bfd43ab718c2a82470a0838eb63

SHA512
0d44ac4a049e9a7b98c5d9e623ae2af5676620f969d7bc2e632224fb3f7d2f510b976e5215683d2a4503da7eaae662f1acef154121d5bcf5e609a34bbbe54453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ngko.ktalk.ru_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
333B

MD5
3058d0796e969a59d82e2a0e6207cc28

SHA1
5d4f4a566b3d1a80bf7c44c5de207437aff443d5

SHA256
bbab46e2061edaacc72372bf8be3d9f83525c77700fed96f544a067dba3d1148

SHA512
8eb03ef83fbb05e69d17d26d031f7921ab1db0176ba5baa4d1da1406ae58d9b6a86b1680a91d13a5d802a6f7cc86f2dbc420c1d95a7f0cccc0313da8a8a75c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba14c576ff2cdd25d1e10b7789514548

SHA1
005f0deaaf97c9c25b83796e643ab46dca9ae90d

SHA256
1b7df7c2a427b378b92f2b8177241bc1d5d0bf26a752651d1567109609778ff5

SHA512
129074d1e691367829a09dd581e4a5d3647850645f8e008d08e352e244389a97052ece6cf0cc30d70db3dafcd2fe4d537216c7da5ac5fdf195467aff78d40ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f936e07474f8f3c6299b039f6dbb0b08

SHA1
dc59590972fc29d11f72e9fece497a5038a89c08

SHA256
963b589f363794dff4f4d848e478e211a5e01aef59c4599199893438c83d6b4c

SHA512
7a1b74d6819fac768a0cea0258550fa4828e514cd811dea2ef249af46a634989860fff4f95a24cdf17d666eebed9df1996e369ffc340d7bd24c55c5eaa20be7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3c7558a615c39c48dae919d160ad4b5f8bb0c707\7b9a93f8-8c0b-4b9f-8ae4-7f4be98e34cf\index-dir\the-real-index

Filesize
72B

MD5
57c9668ce97dab7372f4dae00e5f0fd4

SHA1
78d630b5947ce70ee6cb76f38d3e50a9373cac35

SHA256
509d29c0ae61cb1810c90900276878ddaececfe30e7b5dfcf9ff86d780477f19

SHA512
9abc4583d125dc153860671fb062052c8272576d299426ec981a93b8a72cc53435d483632abcbdaf311d02da6392531b531c74b18b8504c92fde69cb2dd84189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3c7558a615c39c48dae919d160ad4b5f8bb0c707\7b9a93f8-8c0b-4b9f-8ae4-7f4be98e34cf\index-dir\the-real-index~RFe57b9bb.TMP

Filesize
48B

MD5
a976eceeeec9697488f75183b42577bc

SHA1
e5c3f4a15810704c551b7b4741f3b4c36b20b69d

SHA256
af1badeb827a6a016a88b145f38d2bb7f3e4c2b268a89fad503f4696f3a8b8bc

SHA512
0d35257b80c79b77b174a544cd1838d140812da1ffaff8f98f74580ba290e0557e4bcdb56862867fefd8f102a1182fbbfbfb3a1ab0154d462d76c8f4c64040e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3c7558a615c39c48dae919d160ad4b5f8bb0c707\e69bb0e2-785d-4277-ad95-459fc6e0c0f4\index-dir\the-real-index

Filesize
72B

MD5
9be5d5e092e10bc47a64d2c670438341

SHA1
74b35b8cb3522334452a9c0d4eab91829b60b531

SHA256
9698c0f217ccb723b62ced0ea4bef02d58617474988d6d887d25c0ce53edcf2d

SHA512
005e439a9c8553a3e2abb15fce13621a1782d90525907b0aa026b51764e27659e08e13439d4eafb785756f05387dacfcc05075177755c65f5c0ab56dc30e15d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3c7558a615c39c48dae919d160ad4b5f8bb0c707\e69bb0e2-785d-4277-ad95-459fc6e0c0f4\index-dir\the-real-index~RFe57b9da.TMP

Filesize
48B

MD5
c224f2c2fb3817ff4c2b5ea00d285a10

SHA1
27fb10d4d4ea0626ce16cc0e84677c76ae48e1c6

SHA256
0fd2e71b8eec905f9ff534ae2e399b2d713a8aa398f579f675889986e66bedf8

SHA512
e465a82adc7703189e148b7e667d7a48cd6c244fffe3e0d49f08d72b15910e466d88451977d1ca6d9dba7e138a490ca87441e0923f38f7ac870e7a317ceb0327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3c7558a615c39c48dae919d160ad4b5f8bb0c707\index.txt

Filesize
100B

MD5
137d1c9ca518bd25091748a3754fdf3e

SHA1
a5537cb1cd71b7dd3911895572efb17f23f4f66d

SHA256
a723ef769720da0e9ccaf8998a00bf92faf845916a60a554cd838547635e8d73

SHA512
142ca0ed0bc205f4e05788fd15d4890dd3a1dc3b1b7028b16ecda1b976f18e9f444a7a1375984f1758129fdef3460f617aaaf47770b7427ddc29e26a5db1cc76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3c7558a615c39c48dae919d160ad4b5f8bb0c707\index.txt

Filesize
166B

MD5
a2b63df95fc071f72eb3f27a1320d4f2

SHA1
3a3b2a2ec1dd3fbc9ad5eb23c6fab609f93922a8

SHA256
0c71c40b5403a9f924d100ef372e5b789f33e8b8ba2eb765264d1f78ae88daf4

SHA512
3e187c56b190d305ed32d3938f323a7da5db4d28baf289c02895b2c093cdc20ef9b7eadd86955d48e775620f7b17e2ee29d034263818ab820aea8f269da54727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3c7558a615c39c48dae919d160ad4b5f8bb0c707\index.txt

Filesize
161B

MD5
f8bca8be8e2030579fca3b32853be747

SHA1
9524bec9b73b7fadb9f0a0d5ac3c4d7c3d1c39b0

SHA256
4fbd5a41f0f748011cda2db93dfecb746756bfeda3d15fe59fa7bd241c192aab

SHA512
5c70c32a6dce219803900b8f25b6bd224eaf04b9f8ed6634255c03fe9086eca64f57e84a2ea53cb395cec31c0873fe56ccb4801140901ad091dd54ee5a77c1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
04d7052262b5a50c32b2efc6b8f2c006

SHA1
b0e416851f4aa4888673a249249137208b14f355

SHA256
70fb894a635c8f152fd3561fbbd9cbbc3d77a6266d0d35db07c625f71da3c148

SHA512
4b4e08bfbd47ebce134cb399558e9d430907cda09d2932b50e544a8bcab5f71f55651f36e4fd36ff247c6005cb961fd9f4fd84e7155b4599bb56dc21a8f859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b1fa.TMP

Filesize
48B

MD5
7fe96c2e112aa6ad3ada417103f9f2f6

SHA1
afcc92a951f02b19a13ac3f47a1c12b39ae02daf

SHA256
1ee4d1abeed53a7c887ac5540043a467a970afa7065694ab853110fd9f92eafa

SHA512
24a11a5239663823d9e43f35d1e652449f0c5090cf0bf7bfadbf2d8979872dae778fa21edb1262003d66d83830ed5f8843b902d0419baedd313a4f64b76e298d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
370de620ea43a4b325ddaea18085d54d

SHA1
dd5ac8a461e41182f8cb9792a45dbc329bd7c11b

SHA256
acf7a060d52fdd83fe688dd26dd41e098eef03e53e571df7333a082fbe876190

SHA512
1c6a95a7025b20d35935b1a597474e22e08efb2bfe5dca0505a33aadf26827943d57fc3b119d35f9ceb966f488e05095584eb3ffcd564c173d0ce096f633757d

Download Submit