hxxps://rb[.]gy/7gjwwa

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rb.gy/7gjwwa

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2056	msedge.exe
2056	msedge.exe
3568	msedge.exe
3568	msedge.exe
1576	identity_helper.exe
1576	identity_helper.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 4392	3568	msedge.exe	82
PID 3568 wrote to memory of 4392	3568	msedge.exe	82
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 1516	3568	msedge.exe	83
PID 3568 wrote to memory of 2056	3568	msedge.exe	84
PID 3568 wrote to memory of 2056	3568	msedge.exe	84
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85
PID 3568 wrote to memory of 516	3568	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rb.gy/7gjwwa
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc310b46f8,0x7ffc310b4708,0x7ffc310b4718
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12980889576834806029,13478336250065893691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
38KB

MD5
9f2cfec6f515c29a912aca38fbe84f65

SHA1
a1c61cd44073cab0c1cc2b5c02e4a099f82b95f7

SHA256
cb23d3583d5d8659b2d2f22a9426d925c9e85b117cf04a4a83566f3fb5ad67b9

SHA512
02a98f644dda934504a0024dbfcfdc1ead7b28506334636ecd5fd20ce232048d0e317b5a301a7e3001a9c44d1ebf95b00d923fb234cb52bface51b50cff593bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
858d0bf38a307bec7097c34efb2f3af8

SHA1
4e65f1c4e4d6051da52e0fc9d51f4f04559a3cc7

SHA256
2d8b2a0d0085f0656aa11a4bf866ac5176eb7aca83a9e384a35992b4edaa27a3

SHA512
44ac8e9afa72a75ac21dabb2aaf50463294f7ead03233723272e251d04c0da09e4013e9bc9c0b34c221cb4dde0c202fa7cb3dcb7f74b4cc393a4329fd8409ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ada75f2ff05ad3ec8960093d3be8ca22

SHA1
e620f62cc69fa7ad103ea4033ba8b6dd98dd1f5f

SHA256
1f614ad0d385a1893463464309ea098db5a2ff72213d03d937e991884ee44637

SHA512
210466c3a9ae0d872c30d56867f2f3e54328ef6873393740dc1be016740c3b0102d83b7f3efae5271b3e987223edd51420632014be9a4de020c38e57571980d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6290e315aea64d6de8318524dbab0191

SHA1
222653b764b11b471b9699a17166a8040e6552a8

SHA256
b5f819032e3cdca0c712e395a83e2b9a5721704d6f74f8872436041d37d5b276

SHA512
7cbd8f5ee9c4aeaa3af205f70c898bb1f22b0e790000c9e068b16f34224d742e58ba1b82d22a7004b89d34d22d9e3e25d05a95203a7356c187251393b23dd417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4712cf1f82c905ca19d0ddc2bbc5981a

SHA1
ce1fee9163bb7ad6e5bedbff77c68aaca2fa1908

SHA256
9d04acbdbe81aeb68427477792783024f9d5ddabac54e18e488156c88e0da6a6

SHA512
ff62fb3b3452477779742f84ab1b901766b71dade3b5f7580b7fa4033b67add04be9b31f35eee5fa07d7172e39943b6dfae3f941beaf84b675fa7f415e4078e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e84e4ed48e27f99763999636c0d645c

SHA1
4209b46f365a28b0dd158fdd3bf6cf92418921dc

SHA256
2398654b3ff32d6ec54082608289436f3a86ce904686ca0a49c7dc6cb6141eba

SHA512
86e0c35472d0ac1a3aaf931ebd7037f6b1c1c3c6a07aafc74c29f101ff79c1f969bb3909b4ef0393f67de4e30dd6b1cb6ea7e4e0360cd68d264a3c20cd554990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\5d47e7be-e5da-4081-b58f-1b45af6179d9\index-dir\the-real-index

Filesize
456B

MD5
716f2165f8db941c86aef19368018bc9

SHA1
3a5acd9a8c25c786eabb3b415ee11b10b7fc278b

SHA256
90c8421487e13b49907dc30953a198a19b23b08c5cbe29a4426243c0d9fd212f

SHA512
165c1a40771859ac3a0f22058c397d972cba27bfa7ca7adc9915665e4929cd0193150fba82f29fd98e54c10161111eae77bf261c3076452e425ecef325eb4983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\5d47e7be-e5da-4081-b58f-1b45af6179d9\index-dir\the-real-index~RFe58336f.TMP

Filesize
48B

MD5
e256efc35c1517662ad416dcdf22cb60

SHA1
47513527bce45b7da08cf0a5579889f05097e6ef

SHA256
120aecc8dfba06a822a9081e3aab4a7333a85b3be2344d092554c579f957a31a

SHA512
de9a5a7c2ea6abef8f22c1a0b4811dd4c572610ce8fc2d8156f0c613d13e2d15024afc2e9329bc076bfcb524c8791d746eaf211e6c18b007b9e2c3ac53ca0980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\9c363e32-d5e5-48d4-9443-c1a39b736e66\index-dir\the-real-index

Filesize
120B

MD5
f45d53c5592ff2ee83ea3f41d91ee3fd

SHA1
676a4cfc245185bc7baec8d8df961f657afe0cf3

SHA256
2f04cbe82d3c28d06efaae93a5f1b1210a08d20f175ac8e666059aa206ac8326

SHA512
0fb5897c0dbe3c74cc03f991dca25cce8f887a1ee269304e0e501cbb69ad1657699172d24a18b9266bc9a102ce136a2699d37a3728a84a0aab5d76143d6b36e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\9c363e32-d5e5-48d4-9443-c1a39b736e66\index-dir\the-real-index~RFe583e6b.TMP

Filesize
48B

MD5
909889fe52eaf015a6d54db1df825cf0

SHA1
9a2b6d813acefeea83422d2413b37901c872273d

SHA256
b83e92ad76bbc96a45c474a79177f391ab03561b79f79e0d89a73965752b120e

SHA512
2d999a459f6e9cc2d56ad806cba0578f9cafbd6682f583fb58d27c06e5fe02b2580adfea1431751eccd806fc3ee675871299e0362117119819fc21f7f7ab6161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\9c363e32-d5e5-48d4-9443-c1a39b736e66\todelete_7a48c130a6a40c0e_0_2

Filesize
142KB

MD5
6dd1fe918315e7c20e8191bb2f94662a

SHA1
9dffeb5f12bf1657d6f2b00ff8744ff4f7b74ed5

SHA256
4e339f5b40c9a3252a816162b6b4a5aa117c2145fbeed63141f250e5f8d9c33a

SHA512
f8f7166b6ccb1dd042472d2fb414e02656a9ebd4548bb766202015db818b3a16ca48438202393ba19a7dc5673928c69a369d3e6ad783f4cf0ddadb3526697fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\f7d36c8d-870c-43a3-bb0c-5bae59b7425d\index-dir\the-real-index

Filesize
768B

MD5
2dc02bba408978c439b703a5630fb667

SHA1
be35aeaf9bf95eddbe9c2917c398061c8edf8abd

SHA256
0cb79969bc881ba055cb0bc2b0b7acde91504493ed6807864931cb986dfa071f

SHA512
25746b1f8111f7644436e0f7f31ff1026a0adda761a8e4ab38fbac9f2c09804bf108b4146634abf200ac1c2c2f7cbc572cc26bc7e4bc372bf902d5a3d607ccb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\f7d36c8d-870c-43a3-bb0c-5bae59b7425d\index-dir\the-real-index~RFe584244.TMP

Filesize
48B

MD5
e6d09ec73748e1cc77f5b00454323fb1

SHA1
125d14d691878597f04cdb6ff8a372a21171cba9

SHA256
0d45e53264e8040ccdab6227d38a61594b258db111df82923d8934e546c7ae67

SHA512
9149c8fa2f7446beb81b2bf0d0f5494a34379d5a3d0a5a0e9edef00ec22d66fc254880b1e98ea28cdc4a105bfdb623a5abe5acc18c6d7b9e1a602e89c40095e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\f7d36c8d-870c-43a3-bb0c-5bae59b7425d\todelete_7a48c130a6a40c0e_1_3

Filesize
288KB

MD5
8b9d1c434cbbff80e7a4a3e7a0d9b9dd

SHA1
31adf5067fda78f945bb10d728360f2fdbb6a0b9

SHA256
97161d85e30cef41a5f0b09a490409118d72fe06f993408d9b9c068344b29808

SHA512
1d5b911c00624b52cc777f79b3183c8eea2702b02704fa3c71b6634bbecb082705503fa373b08ae1f18eacdb6b70755a2d5ca80985a615eb68ec4f198ef68aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\index.txt

Filesize
108B

MD5
d8440a487be3ca98af64b7f2b2aa4ea4

SHA1
86995325a61b98823f83f8478837c012a36fbd52

SHA256
910642976fdfd543cd1e22f673952b76a08b603265378a05c0f90daa3069eec0

SHA512
318c8b8f1127fbf36d13eb918fcc6b1c83316984af67715c596f05480933a82005ca24cbf03b99f51b2568d2a08e106dae00665cd98b17f67ea2075c59b74acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\index.txt

Filesize
178B

MD5
04cae35537189703013e682f6cbf442c

SHA1
0168131c853bc959e5cc659fa040c8432e6c8a3e

SHA256
e1bc75eb36429c98788392454d7fe8dd76d43b4344e5a8a61d305f9892c1297b

SHA512
0bb594ea6daaf8308593c734847ded476af58961a27c190a12179e9f5e1e7126fe45e0b6a2d9bf001f79db9c03ca848ff20409c4fa289f1f64764c7b1c63d190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\index.txt

Filesize
244B

MD5
a6d9cb7e0e1214d24ca6e9d2a11f43e3

SHA1
3dc231250502b68b23aa708fef16ec9194a1295a

SHA256
8eb27283ef3120b44b46a3385120031217f8222f28377ca59d199241db152569

SHA512
9be7e93d176d3b0b74cef813dbe3ee9ee4ea455d8d4906b51a31039ac6a8b5940ca8ab04463b8ef3e5dd0968cacd4821ae180c3a8aa465d27cbd9e082a3ea489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\index.txt

Filesize
101B

MD5
fc278f6ccf2f55e8926b7a4436c05642

SHA1
5497374cc018dbe2e1d1b40e80db09aeced41dda

SHA256
adb81d877e35895a5596c0d4b1226fe03e4a31d4d28370cc4f92441eb41461c9

SHA512
8a62ad9fcc6d62cefdde329b2f4bd22cfc4ed7039ee6a377c0e719b56068334f89d6590d34c0f614efb6fb209adec7da69944b9bc6ba4eadb0e47558bca15a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5414104b589e4326fcd9ed577ed2e66ff32e6b2a\index.txt

Filesize
239B

MD5
5e615737f986de50e6955a62d4d6adde

SHA1
86d37559dbf0a17ae997806f32d9089b91540e01

SHA256
8e05ffb84217b3c3436b45575d99094d8c7cc133c0fdf474d8f574ca6711ab4f

SHA512
0a0b8e556c0939ae710e1dc405eee616aa087f859c27d3be9d85f0b59e2247d075230637ffc3862b7665d9ce589fd68c6b50f17ccc08ea0226d76adf9c6741c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
f933bd0fa63a5a01b5cbd7bb7f3a14fb

SHA1
92af9d33f42a5a8669684a02ecb4fae391f63c2b

SHA256
0f6067ae952619c6b16f3c88e899baa766dc07e4262349bbf352f8a7de381c45

SHA512
e55e8fcd062a0595a2974c8a34aa07c48abc41d04e1ae15eec4d87499154fb3d3d0386cda349ab53f8a9a0faa60c70ca36c195ff86d228d588273a19c9fec64e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bac4.TMP

Filesize
48B

MD5
d252bb125c6d74d9a445fef9e4197e12

SHA1
c7511c570ea5429d31f81ffef661eca140a465c2

SHA256
d76a339ca833f98c42584736a9adccb37590cd5c1949c2326cd20213ed3ce1e2

SHA512
83c080942db72f3ec46dcd0a8340923d738872f96d02b5b4fd3a8759d84edb9c39f1f8b0b04ade19a24afc8b6ca3128655fd54b664fa19eb3921358f919a45b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5021d23d20af83e387289f39d94fc5e5

SHA1
4d35717d4eb5e18d54df597ba8c77eed73730b08

SHA256
4f5295f441f764fc9814d883432d77e41d04873b71e6edc8c7f4630749276c9e

SHA512
cc8959689dc08e229d6bc1a395a9bb62897c6a066b354654ee879869f9a634923516e671bb557217263db6536b6efe2894ed372cd1d10786b8ad9e5b083c0f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11e499384800b699f584ec26f79a56ab

SHA1
a3f1ec95dfb4c826176cc0dbdfc671c4d27a3df7

SHA256
1c2743073de3a39e03f9f4fd0109066c33d1ab0ba83377efeaeb85ceb9cb926f

SHA512
f5dc2f8c498ec0b67c61dbbc8b100110010e894f7bc1fcc96a12574dfd2e884e2a383bdea725d826984f3482be09465d013047be3035093866a3ef11e3561ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64543149afdbe17189499308e6c65268

SHA1
c4f225324cbd8b170669708ef1af282fa3d8bd29

SHA256
924c006a3f1f60f4d776577b1d1a5dc3d0efb7025fb070487f4fa165f3510027

SHA512
c3296e9b61d136d9392128a0aaab3cd76e866dc261575098d366a50bcb8cb0ad8f37e64088e4eb531f254d077e6026873d243d6750503ff6c724ae6ac0adcd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a85b0416f0fbeb9911b1f58c03185738

SHA1
4d3520a486e079ead06b6afd9804c740e5fc5ca4

SHA256
408384ab6580231bb956bdce9d88fbd3fa31c52e315873ecf1465fa30a83cea8

SHA512
0cc328deac1acdccccfb8a8fd8d839896bc582eecd3ff3f9655149edd58211580a1b09b67197dba8b484a7bf6c4e21bcc888b1a12d6fdf1f8737a2d2f224537b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a827.TMP

Filesize
1KB

MD5
2fb348e703dd58b3cf94a4a70cf54afb

SHA1
aa4b962cf23b00cf295caea66d53ee37a3c995da

SHA256
d6fa4452735fba9e00b431d5eed242b031192c3f899f1abf948271916134395a

SHA512
ff9f93900ba26d52854f6f999d79e25ad3a12bb68a0fa749bbccfb10132e794fec781a687a92e0191eeaae37d83be013046b8a267a0f06fc5bd08eeb529774a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e113f049a5de5a791599a10760872754

SHA1
66f7f362b175ecb21e5a11dfe6fceb366e0ccb1f

SHA256
86d59a342b7c97294034cfb5851a53b90087bd9a7f5054036fe1e2e423c3b8c7

SHA512
f35f436edf6099b54e884839e5883905b45f85f48d86eaf14ba18d58fd8ee3c9ceef9098e1bfee9ce964ad48a0ee39ec7fe6ad0ef390651742e34fb80077440a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit