hxxp://grevenmacher[.]lu

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://grevenmacher.lu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2916	msedge.exe
2916	msedge.exe
3712	identity_helper.exe
3712	identity_helper.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 744	2916	msedge.exe	85
PID 2916 wrote to memory of 744	2916	msedge.exe	85
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 216	2916	msedge.exe	86
PID 2916 wrote to memory of 2900	2916	msedge.exe	87
PID 2916 wrote to memory of 2900	2916	msedge.exe	87
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88
PID 2916 wrote to memory of 4260	2916	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://grevenmacher.lu
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb7ba46f8,0x7ffcb7ba4708,0x7ffcb7ba4718
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,926947863914712752,14647837619469855501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3516 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
328cf9d51d892fafe7a96a13770465e3

SHA1
a6dccb82a70dc067ea0832d984e7d09a86884159

SHA256
c5876da8d1e0519c9a31757a686f9a43104113acf926bb0bf4e44d9db1ff9ca7

SHA512
24c4d9f7e8f93daf64d8db85cfb2a557775de852027aa75f726d644f229fcd59ee24070eba3e9ac5237c71e82f0ea9b79e364516cade35c2d8bfb23c879aac4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_widget.echo.lu_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
6a1ec3a05366eb5847913cdcca9fe108

SHA1
2c99596baa5a64b9b26e472ba67a1e4a66857f31

SHA256
682c76a8b2ec9820b9c6ff42da9c4f04f3e5e27eb214f08ebe0be05bf2fc34ff

SHA512
c1f7766d8cf7f3e6b91648c55568dedc95e518f124fda6f2ba49109a6003c30092da3404604fb2be734f93c33ba006d783e60e39760594cfeb86c37f1d08149a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
05155d85cd59ae3d896ddf946f585f16

SHA1
14faa958669894aa5078d61ff9e4693721a54e5a

SHA256
caec588f3e0c1120c0fa30ee2f6ae510b7fe0e3a739ff39f570c793241ac5f21

SHA512
38c0d6905211c54a5ac1c495db2614c5b296c5c91c07319d86471e5bebffcc53d7f8a5d7f6238fcf13d1d8612ef0020869a946a8989869b815e81ed183ce34b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
efd56fffcbfd97e772b37f1b94468399

SHA1
c23cf7dec65af55adc9b77b3e038da1891ff6f1b

SHA256
e87882ab57887df28baf88d1a02fc0f1f0a49e292fabbcf3a9c622c4ddad0b7b

SHA512
024417df40c2536f560e7ca37a7fe9913514aab60791d4e0eb3a16c3f72f7910735320f2b1793572a46d6dd2c195cd5e55e0f77fd99246cf74e7904bb37e7c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11a71afb914a98cea630e28e3524eab9

SHA1
7bbcf34729b45053d3a283546d93de64669a6ce8

SHA256
bf7f8f154c05856b26e2c7a159ab31acb4830ce7bdeaa007059f8d6cab8727af

SHA512
3723464ec974453ce44c0037edc7ecbeb6e1598fbaeb64b16741cb91dcca17a3bae731a60a3c7f22163bb68a11a0a88c6103977bc19c5576f73b8ce1c3dbba24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27c64cb4148a1eb0abf7141370baf6e4

SHA1
c902554e36001431a172ca21ae76875a06c57a2c

SHA256
53993c8b62a4c8f57a0acdc6346d2f7adb3d19e3f7d44b0730c7f09723530149

SHA512
4685671928b1224bf3a3d9df56e5ac01a71a0b60d77c91de1378d4e5d67b028d1ddd81edc2242a482dfeaf7b1acff3c628e60867fb73d6bf51463b6331274eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2384f4d0bbad1ba0f3fca1803384161f0c6f8eba\18d2add0-74c4-414f-8d76-c973a0eeb7b6\index-dir\the-real-index

Filesize
3KB

MD5
bfd5a9a77468ff3f5cd13f857271ae1a

SHA1
2ab3ca34a7669571afb293e7b1545996b59049e3

SHA256
e9cbc6b8da374dd627847a55b91fe05e8e8bc43f044d62410d2fb82cb3f02ca7

SHA512
c41ee4d2fec35c777744baf3374197236bb491f24e8c71f776ffb5768b8e0e6c741a9d8053debcf484da8ad03dea318267f87b7a0bc70a0d82f98d414cc9d7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2384f4d0bbad1ba0f3fca1803384161f0c6f8eba\18d2add0-74c4-414f-8d76-c973a0eeb7b6\index-dir\the-real-index~RFe58bd5f.TMP

Filesize
48B

MD5
617021930346ae1773c344c83dd07bd8

SHA1
6043a025c7f25b2fda67dbd72994e08970410360

SHA256
484af0aa37d00e69ea80a7f02e341a6eb6a5c34b153edf9342efd6e52e5f2a11

SHA512
8d7ebfddc0afebcc5bf304b7d03cf63f446e7b5af2d31a2549f16fa71efc000624a7fcea5f29bb0cf5c3acff99c45a62f765467c3b15faa652bc9e31c74d2353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2384f4d0bbad1ba0f3fca1803384161f0c6f8eba\index.txt

Filesize
119B

MD5
a34c1ea8f837c3461080d476110e4688

SHA1
8f299c7762d15e9cd1934c08f3495b98683bd44d

SHA256
5c320b5015792ef9790580106b57a8bbd19dee2a71867cd6cae2624dfa0e042f

SHA512
359f580163f39d7338b2dce6fa4232b3e180ad476937a46bccbafdfd9efd5d470df9a99e103e718aeb75803ab0d9d47ffca0ca923912de3505017a14b56b9d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2384f4d0bbad1ba0f3fca1803384161f0c6f8eba\index.txt~RFe58bd8e.TMP

Filesize
123B

MD5
450147e26b89d4ee723df46520e26d20

SHA1
b2f337c36c4560e1091cadb02b5da82de331e268

SHA256
0a548b8b86fd0a660fbe9f543a265c0ded77b5c0db83651e4a2a1788c6641263

SHA512
416661e114f0fbb1d3ce991d99b60216a240ebf8e799e090cc03d729f7acda0fe30252f6d4b7d226f5984d844db2eb5368b339c68f4b3f67513433536a9dc6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
8e94796b01381130d4a6ada0dc1249e2

SHA1
303d0a3ff1926252f657aae285cf43e8751f8f6d

SHA256
59832b96e305a89721b64a0fb038e9e8c3f3fa16a0b3ae26b87fb0963f3a2486

SHA512
8dbcce63f667fda1264a65aa7192db3e4bb554404c1e5b6b846994d0fd1f8539e616ae3ffcdf33a4d581d13b24726d53f47b313e788be962315bc1ac73706230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b447.TMP

Filesize
48B

MD5
c2b838f1973763a7ba1b69639e12cbc3

SHA1
770105b8e036f26e1138ed78f069c92f80e0c47c

SHA256
2b3965a83093c8992dd40a10d5957490baabe7cdc3f5c69446be0e0b18510378

SHA512
8ce90577f66a2248a98337436573135aebc32fa1462e92a83cd68702be85ff143e69c788423120ed5a1a3e46b7aa85bfcb7e7a8fb1546540c5ae3a71cb46d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
45a2ecb9cc90451419cff1c284feda19

SHA1
76dafe1da54cb452b8c51ca4e640e67f3bb7600a

SHA256
707d7964e09420b7582abf77a95cd20e7ab8752429376901e8a8ca7624aa0966

SHA512
dd52c24d7c47b7905e06a524a0093bd0226bfb0d334c479e970f0e0ed516639ff01f3cef8bfbffe25662705bbebc02fc044cdfe414e92d1cef40e45ef42bcec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588f5a.TMP

Filesize
1KB

MD5
8a952c42d4f21c600af5516189749dc6

SHA1
307f65eed78880d22be1e1d3fb451fd64c5c31d9

SHA256
ca4ca9ecec8f3dfa4c1523b876a38a0141763a6155d335ccde964bfdd630417d

SHA512
33e2fd4a355e779630a5955fefe2580ebf5faf1acdef4bbd9e59532426651c46ca6f7d784dd333cfeb689333c7a3851ca45dfb1f35f94e3faf8b0ec679396ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85bae63b8cd9218d10abdc03d22ddec9

SHA1
c9a18bb057f953c8b76f23215fe0403ebd12aefb

SHA256
8442f431128af9224810f3f243bb308f3fa5c52ca80c892506f8d8a8693c42ac

SHA512
06a77824a8d0a078c6728db85438f8d1d93858334f8b2eef7114aee9123102e9719385c88ac61ba1b81fa4b9f74255982363218d9ffe8da8b4430e2691b1430a

Download Submit