hxxps://rb[.]gy/1rp0z1

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rb.gy/1rp0z1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
3176	msedge.exe
3176	msedge.exe
608	identity_helper.exe
608	identity_helper.exe
6020	msedge.exe
6020	msedge.exe
6020	msedge.exe
6020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3116	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3116	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 3516	3176	msedge.exe	82
PID 3176 wrote to memory of 3516	3176	msedge.exe	82
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 224	3176	msedge.exe	83
PID 3176 wrote to memory of 1188	3176	msedge.exe	84
PID 3176 wrote to memory of 1188	3176	msedge.exe	84
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85
PID 3176 wrote to memory of 4712	3176	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rb.gy/1rp0z1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffd90b646f8,0x7ffd90b64708,0x7ffd90b64718
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16181781282661223728,18300365022894374225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x3d0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
d8c5a33af7d69b5079af17d58f12506d

SHA1
772efdaf7d219e2e22e86393d4fd9a59b94793b9

SHA256
c950b508b99e630d32199a667c5bbfdae19a2eb2259cbc8bd8e174e4589dd894

SHA512
703bdccabb464e23ec9875451b1b53b66042277b69895bb153617163569a95105260b47d3a26636e27e68200950579bf59dbd686baf7543f9802ad6b56f29791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
57590f9e10c1d744d51dace17271a96f

SHA1
93afa6340758b93d551abc6accaa4c6c689e93c6

SHA256
08150457539f288d1412badfe8c3d20932287e08e59dc275c268e7a398c84fb1

SHA512
79653b1d0cf8ff80711c7703cc01f5a6f16c71ef9392fd62134f541212a857eb0e4ad182c39742b438bf7e0a66b5819df5f06ad8d9a202eb953bf8c949251872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ee0b2571316c9fd8c1db146606bcb96c

SHA1
a1732ade6475f1cf3a4a04c65d01302b37327b45

SHA256
61e388708df6b3db5163fe31b2f5b571b247ce33e90a437a52390578ffc50f2e

SHA512
908552c921cb92d379ee669db198a1f988f689a070409737d6d11a3e32a10db90cb2dff972f673ad3428008b2557f15600fb7ff65448ab68913a6cf44d665940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
46932d4909b1036e48cb93229801684b

SHA1
6b93cf4a13bbaa44c36bb01f3e10eb93fd869b6b

SHA256
6721bfedb6f1f8b62ec5b3378c8358fb3a0d93688efa6e2c93b1f80fae69cc37

SHA512
81bcf42d29f34dcf08a3f7b2b48692d7e9dd8c56c99cda1714d5cd7cdf7116a252d49eee423c8a59704022ad9f33c5f9212ee091a16e49e928caf266d4e89cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
edde6ce185f18eb00ef52078ce9627a6

SHA1
218aba33440e4855c8bb758612c12b8ca1a7e392

SHA256
d76a2a18732d511a4cbb81f64ab017adae04fa6155b58b3d81dcab8f057169d5

SHA512
1e7393dfa005e85ae9f79996fde8932c5034ac3ab9ced18df430a3c4590ade93c2351b4eb9e261b69d9d9ee4f63249e586e426dc226413e692ea2c9a936b319b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0639759c84de3af397cfa0aba8f107b7

SHA1
97f5484922195900ef01928a5562f8f3b46529ea

SHA256
fd7c50cb5e22f23de11c70dd192e2d12ff08a0007fb3f8a0557bc3d507185583

SHA512
0bc3eb28025a1b8ac48250f775fe771429f6eaa12b14961351c5d9a5413ea3ed2e9b997bafe3ed118fefde27cabc242dce1b3df4e9bf0c52170de49bceb0c7c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5f0efcab-af15-4c3a-b479-1eb63471b629\index-dir\the-real-index

Filesize
624B

MD5
c0fe0a46c971812f86900a951428cb7d

SHA1
893cf4e3ed897616a4b78c9071935d6a59cdc0d4

SHA256
558ba4d0e8e776cf73e0d53666219b36431f1122b4994b480a7c0b4ddeebb3db

SHA512
5610e716269e7eeec088d7bfad38ab75b26d7b200e75049b5b9f0037783b9eb00f70f44d0f264aeaebd0d6964e41138774c10bd2ee29482683150669abc5afa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5f0efcab-af15-4c3a-b479-1eb63471b629\index-dir\the-real-index~RFe57b2c5.TMP

Filesize
48B

MD5
27c8768c427ac762d66f0d47b1993a01

SHA1
f8c1fb0b41cdd674dab22487d22d14d6750f9d9b

SHA256
1d4b92c20f1918a545cc17be5aa909299c6c3af3daf7c7e82bf690bbabd784b3

SHA512
797b43e1b94f43467890f6e5566a5559ffd6c1c4770909fa5b33498923bbcfc01e688cbb1d5c29a14cfef9fc2134881fefee9f0c0c05be443b940c0cdc906697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6b4a5ea1-fd6f-4949-b375-646de74d656a\index-dir\the-real-index

Filesize
2KB

MD5
4980848cb28a14feb33a18da7a1f8ca4

SHA1
22fd35ca86182aac90d600d46042c8158e5fb55e

SHA256
bde29ff57346d4eab825f74890010f0c98d3fa4f92ca50ce025b71f781b57984

SHA512
958206c6af42c497a606da1b8c58cbc93991811a4ce9a5294867f79f83c03d0881b9a428e372d8783edd979473454eed6d7d7d5b3c7c4e1e070ca1d5df37c34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6b4a5ea1-fd6f-4949-b375-646de74d656a\index-dir\the-real-index~RFe57c0ee.TMP

Filesize
48B

MD5
01df7e856d80ed9efd8e2f4886afe79e

SHA1
77bff817a7f7facf76c8e1cee8a0dbb32054068a

SHA256
56d6e23da5c1bcf714da3a811f3ccf9a2c07c53f3602a6cba3ed76c9712f502e

SHA512
8043a8abb2e4acecce4f1ce90be96ee5e2b145a8f7150e3d70015d7fc595711087610752b799f5e7bd512c327b2e06665deba942f3707d2bf1debba63e0adaf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
205a9ea43e45bb3a121ab67269111041

SHA1
d9677e38a37f0e65f0b97937e532c691816f9534

SHA256
970fe3b802a328c8ea1bfdf1c17ed7dfc17cbfd7b0c2d38fd7badd31a4bfbd84

SHA512
be1fde91494c4c06f8a66c3e7f302b1859e5872feb64f62668eaaab48dde9de1956c964706758058078fe2a9d85bb90cfdde1df37716ca45106bd439cdf90f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
8501cb3a116b71a4442a0fcdea5624fa

SHA1
85a55d01dd17a9ca9cc1b91013c4258762e5ac2d

SHA256
89e2161723fa9c37f019beb515d5f8dd85751190667a6b97dd205992d1920adc

SHA512
60661e436f05f16ffe12769fe5db6c44198d6c5a85a00e68b6ff6e49705fdc120e04e7f8ab5d63317e4465aa70bc836dfc929f805c124fee344780c6430486fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
0c718062b19261df1640be0f4a720648

SHA1
795e2502af984286e53483be7eef3654904f6215

SHA256
81d787c9c46bea160b87c03421a0a0bb05aad3e1cc99570229638a356e284891

SHA512
f17fe7397f8e49f4c811f45e1e9eb8e53c90220b4c40e13846655ccaef8f9dc2576778716899039c00ed0000610423e73a37b2c0e6096c3aa059fe9c358c8822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
3ae9272e20d2355a41c7989c75189310

SHA1
56cb64d42574ed43d64c73c1e3063f77559c1f08

SHA256
f425b65743847161d326bbc1d7e60b0e69cbb36c3e1303aeca0a8a3e2f2dc7ed

SHA512
4373f9f26155e609dec08a414b2998f48ef7d9401f459c4875c7ab6da2c34863ba6e13db730a2d038ffa04f7e9a2a04350a88bbccebdcb245931508791680481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
089d4129e4f2d44ef1101a1b62864304

SHA1
326cf0b2c493d276e2460a053493b5506a2b449d

SHA256
bd179678314f2963171f46aaef5118925da8625ea2aebf0db2cee554177d907d

SHA512
300959f6c13af340984f9d05df81123a0bee2998ec74387b456de1c45582994209c522fd12adbdc78ad0eb175306a57bc48dd595662504e63d36ca79983d6a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
200ef8ee16c3f2263aabc4da99bcf47c

SHA1
3091ca1a3cd2a029679457fa3bdc0136cf9b7793

SHA256
af35179ab580e9287e322054b55b0e933b34ba1651f5133833089c42954cc9b8

SHA512
1ca8040f4b5936b476a8f65cf2a9fbd8fe6732f52f2995086b6da353e53a26b19145b0bcf1b9b66fa8ef85dd2b825ab0fbcaab215ad9cecd5d4286c94079357f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a79a.TMP

Filesize
48B

MD5
cfac133db4c738b64cc632cbd617fb29

SHA1
17766d97ceceae3fd142ced3ef2335f65bc28319

SHA256
0abf7636df7ca8872b625ea9434c8438cf44905718b805a9174ddc8d2b7d0579

SHA512
37b1a822e16329ff3727c5a8c3c84c75e4859d775867983a2636a86cdb60d28048f0140dab862ae68250a13011e920eca1fc4c3dec1197315454ceecf173d5f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dee60ea628c30971b37cedbd5031e62d

SHA1
d8669eaac26fdb9f4a06828cac81f24b3dea6b3f

SHA256
a04d1bae482f6e09e5f6b6545b7427356652eb4c580a8bb6c69d5c2e800f9ab4

SHA512
7f2739c206fdf7725b34becbd609ccec93f4bb45a97c6a43e69b0ee6dd5340fde889f07b7bdd2e098bf7acd7181db96f622649e1f64ede0ee0ab524e5f1b83b7

Download Submit