hxxps://atpscan[.]global[.]hornetsecurity[.]com/index[.]php?atp_str=JXO3llrC97LYt_ypBDUoorYJESJf_lVgqG94Q8CbqZFSucjhJ8shDRR62UMpOfWQEisKw1UhsaXC2ei6wkJxZ78OKelMPUchf388beflwplmZ9bsAPTRZu8n2NfDqe2KOq7qiRxW9yxw4ZvRTonwJ07YfeXP0wQbvM2OFZWKje16pzGewsFyDVh5wRpEWnv0S9MgBr6GHEuMWbm1mAAXlTqLCgPJeXvAjfP8eHiPv4oozYP6pyTpRvkqdbjPLuTxQioCKIkn36kINOGd5zWy55BalBA1C-XppBzBxrZorCxNjXPTfp7EqG_ugHFutapq8UvczmG4Izo6I53rM9MZbHlXhpjq_iM6OiP6x3HRdgKt2jAlBNssK8G1

Analysis

max time kernel
145s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://atpscan.global.hornetsecurity.com/index.php?atp_str=JXO3llrC97LYt_ypBDUoorYJESJf_lVgqG94Q8CbqZFSucjhJ8shDRR62UMpOfWQEisKw1UhsaXC2ei6wkJxZ78OKelMPUchf388beflwplmZ9bsAPTRZu8n2NfDqe2KOq7qiRxW9yxw4ZvRTonwJ07YfeXP0wQbvM2OFZWKje16pzGewsFyDVh5wRpEWnv0S9MgBr6GHEuMWbm1mAAXlTqLCgPJeXvAjfP8eHiPv4oozYP6pyTpRvkqdbjPLuTxQioCKIkn36kINOGd5zWy55BalBA1C-XppBzBxrZorCxNjXPTfp7EqG_ugHFutapq8UvczmG4Izo6I53rM9MZbHlXhpjq_iM6OiP6x3HRdgKt2jAlBNssK8G1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
3164	msedge.exe
3164	msedge.exe
3372	identity_helper.exe
3372	identity_helper.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 1800	3164	msedge.exe	83
PID 3164 wrote to memory of 1800	3164	msedge.exe	83
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 1920	3164	msedge.exe	84
PID 3164 wrote to memory of 2012	3164	msedge.exe	85
PID 3164 wrote to memory of 2012	3164	msedge.exe	85
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86
PID 3164 wrote to memory of 1428	3164	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://atpscan.global.hornetsecurity.com/index.php?atp_str=JXO3llrC97LYt_ypBDUoorYJESJf_lVgqG94Q8CbqZFSucjhJ8shDRR62UMpOfWQEisKw1UhsaXC2ei6wkJxZ78OKelMPUchf388beflwplmZ9bsAPTRZu8n2NfDqe2KOq7qiRxW9yxw4ZvRTonwJ07YfeXP0wQbvM2OFZWKje16pzGewsFyDVh5wRpEWnv0S9MgBr6GHEuMWbm1mAAXlTqLCgPJeXvAjfP8eHiPv4oozYP6pyTpRvkqdbjPLuTxQioCKIkn36kINOGd5zWy55BalBA1C-XppBzBxrZorCxNjXPTfp7EqG_ugHFutapq8UvczmG4Izo6I53rM9MZbHlXhpjq_iM6OiP6x3HRdgKt2jAlBNssK8G1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab34b46f8,0x7ffab34b4708,0x7ffab34b4718
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12742495671338383228,12024079157894312946,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0195db04c4c661870286125103ef2268

SHA1
931ae9a8a1dff603a8071eacfe12be6e70584e05

SHA256
fd933475d8fadbb26cc1d3b50e135f243e66df370af30e594241f2d5ef80dfb6

SHA512
269c2d809bde4834403019aad06c933219d062bd9918a93450afd93a99232efdd74b79e124d9121e906017a4b98799be5c14111bcc31bd36e4aef833a79fc411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0801098afa19c7e37886ccd667d232e

SHA1
033d84e4bb17801bb67c1982d933e7cbfd7630a5

SHA256
e6062c9036c714fdf518cbfc1fb780ebdea4f827017de848f4ec5106efcf7396

SHA512
051f65993b13c2299186d0a083387815744ca75397a3afd529fc9d7f42c25070e3bdc81bfc4a3f347b78bd0eddd493a3bc02329fa6017b671c0e815cc5fba5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4bfe88104fadb868b364adc9f19fdab0

SHA1
fc37174b97364018e901072fa6de81c1d521efdc

SHA256
140d6553b58421ebf6214f7b0d0fe1b70faad51e540316f7c1b84df8881b9d25

SHA512
0943ed53757fa7d3b309591b5748ea96b01a921a05cb1512de51b02babe29eae2111d9bf2938ac2d601b3b8ce88867ebf9e5644d8a0a4387c53a9653a64fb5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\027ea17d-48a9-4ab0-8267-2f27b54a169a\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\133d5f98-27f8-4bec-85a2-151a2f60aa6c\0ed8fd2ae18c18b7_0

Filesize
35KB

MD5
a1a8efbad38239d9b2d40d286dc77516

SHA1
a3a0775e369dec1869d06cf71ff5d099cb204161

SHA256
eefb043f14eb5fd7e6fe8917073f42b9bafe2dea5df5de7bff3e461a739a1e36

SHA512
c96e29d11575e501026de4caec07692bf0af1070474d335bab6f691722851cb863153c0a9904f9045c22c65d28b5b5f35692048a7408d2c5579edf13426feb9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\133d5f98-27f8-4bec-85a2-151a2f60aa6c\index-dir\the-real-index

Filesize
120B

MD5
bbd8fae0ab6831f4d633a6dd59673a68

SHA1
9a507f1baebe29305f77ad8f8fb3222a30165571

SHA256
26789deed54c494e5badfc676202b926ddf903dedba4501c338b6633ef235c31

SHA512
5b2b39374eea93529329e9c237bc61c2810383cedadb8da895851d0d46b4473afbe41adb9c101812648d57fb8e50b993c5dc4c085c750b1e443528eef3f26c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\133d5f98-27f8-4bec-85a2-151a2f60aa6c\index-dir\the-real-index~RFe580c01.TMP

Filesize
48B

MD5
2db83327347e49a57f64dc1579915bd1

SHA1
50e8f4df9393e1cff4835e262a4218e07746ba83

SHA256
ab1394aa5fddfa20af15b84f9b3fc4127b379f807a917099ec8f1cf7e88ff2d6

SHA512
cdd0aad96c1c4d94dfbdfa3cbda3e654ac66496561096015ef5b26151d71726a93a9c22867317f1f3e38575456c362196088be0cdf82810c2376916548edc3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\1d9f6d7b-fe17-4c51-80c6-ea51e5bbd17d\index-dir\the-real-index

Filesize
2KB

MD5
809313bb66b6ce81e58274874efcbfc9

SHA1
009dd57a8062a9c644420a649332ad563aab0b58

SHA256
378bd3de54a3cf67c1098995b13cd5dc45d54d72aa7c9441a6dc535cd54d79a2

SHA512
d129e13185594090710a8c70e220a322f3a5af21910252e4c95be2a307ecafe3e6dc25c298e952fccb8925da48532faf077761a49f32620c84a3097c2e41df9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\1d9f6d7b-fe17-4c51-80c6-ea51e5bbd17d\index-dir\the-real-index~RFe58392c.TMP

Filesize
48B

MD5
f42025cd2fb1f4fd139f4c8ffc959291

SHA1
7490bccb6c5198cdac00c98eded2f734d224c4a0

SHA256
d0933bdaaaebe7f0482b5d418f02db938fa81cbc6554e465c87085b35c23b1af

SHA512
19c4373ca14bf9b4880c679ca778906b5927f1ce0880fec0a9346b3c2028f2c83380bb9640348597e42656950b214779d2096fe7b349e60b13195bfdfbe77c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt

Filesize
110B

MD5
1fede7f7cf06c08e4d83ffd8b01a461b

SHA1
c3e61c073718a5866c19244d26ba934e20ab109a

SHA256
2db2d973bf38e7eabdcb3099ad18451add988e3aae972b76d33c44f144b83bfb

SHA512
e9fe59b4a4acfb8391ac0cabc249bfbdd2751cdee0a219366284a6d4a26537d0ad1bdfab4264817c61d9022bbfd4426a26e56ca73d921a214981718c28e9a0d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt

Filesize
224B

MD5
91daf39148bb87666a27fbe9c3b3ab05

SHA1
a89d76459175107bd0a8d8f0de0b5109c023060e

SHA256
1821ca841d4c42aa77e8212259d550f0bc66758050899ca606331eec50c967e2

SHA512
15826f80fc90123c5049fe63e9379f6451a6f4d1499a967f4f6c64f7c8be2db656cfd3b5d6b820679f87fc0b365bcec91230eb6d31ab0ac90f51be0c6d2a09e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt

Filesize
338B

MD5
e68e56165083e4312ea1a3f9117f06ef

SHA1
5a9c6d5b70febecc323b02c6a66cc90bb95fa155

SHA256
f937f3353c3f68f57dcd206ad19ca59e4c525042c8dc34b30ef4b2b35c1d7e1c

SHA512
3a8da6c8adb804457bb0252150c3d5da177342de9571a3fe583a67db07172d0b5bf7a3abfbc25758b0f5830741951796fa9041ecf5530625bf9f8545e5ad377a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt

Filesize
453B

MD5
b8b5fbc1e44996100c30f952eaf349b3

SHA1
2daab01272baa6488e9cbe8b774ebf6cdc7a2f33

SHA256
442369274d16d07199fd013ef91e1d709012cde098b4746281c3c35556711b12

SHA512
6be913c70ea084d2fa568cc27a28414a81f213f82da0d5205a012128e0ccbe9e2365bf2cb321d9b1bf5a6fb6ec8517a0dbe73e30deda743e241c86ce413301a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt

Filesize
570B

MD5
7c448066035787227ef36c6df44a1db1

SHA1
90c9c89dca36a9829a09ad26255de90ff2cd82f7

SHA256
65a9251601c2370f0d62933757ba925da9c64bc4b0227e01db45505a4a8e142c

SHA512
8654751015ba090851131eb129f4db004c36b066f51a9b7e7b3b620890b1b0e72b73c9bfa336bdaac76a3a1c969a9d8f3108033d6bc1ec11f929bf16f87f29b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt.tmp

Filesize
566B

MD5
877ff8e4c5e85bc98fe35cea574d095f

SHA1
fcd0dfd6d45ca6f37bc5c46177df9cb0f54ec5c7

SHA256
312a9aac08f0ebeef2b993061aec435a8c6283c88d79f1479365bc8438de93ff

SHA512
b6ddefc97723905884ecb1d393de5d8fafb2bf5d6f3ff94f3cee4f337d055e34e58b4b98c05df28a8ce0f3419451dc5551e5089b47e29bbea74f052329e229a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d47bfb0e7652838666d1b5855f2191dc

SHA1
44ae2a3740d463480f9c7aa9c98452241e3cea40

SHA256
0263ad4853b9605df349cf7528344b099032e606cd8293f3a626ac89e2613dde

SHA512
2cb2cd306d4c33a6b953233d8181811c7e5edb21118063acf0c4f4f731334f1985c67543983d7a8154460fcf7f0e235efe674c72716172e1cb8fc36d1c5e6314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f453.TMP

Filesize
48B

MD5
cd926edb8b9e01360ce7b97f15baf823

SHA1
11622675ba1eec5b28bdbf544cc46b478eddf9e8

SHA256
07871a4d81afa8a4de483f603172c1596f456895fd2781423d8ef1b7829024a5

SHA512
3312ac8d30bfdb70fc82121c1124b44cfc6d06bf1d211965843ae9e02bac2fd9a27641140142d412a126e947a603309382dace302118368045d235ae21f37585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
e3b05b93613fafcb504956f4333b04a3

SHA1
2e1cfc44c8af229f4a8c507d9c5ebf084fd46ba1

SHA256
f396e24f459e7801c7ba8b58303104e285d99ec61f7b34dd466e194a936a5fc8

SHA512
435f9301e21158e049e8ec22f9d3d44aab3b28eccf1cef7cf6d51d47c5a2ac7fc64fbea288897b70130453b422da1c0df1fac2595c99f8aea3345c6a02d1b4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e54f.TMP

Filesize
370B

MD5
71e9048fcf3733e1d431be047e88d7d1

SHA1
36bc8b8baff3f49742ce3b4db9aaa9584a430d3d

SHA256
d6ba4be6cd1bf5c178483060108314e9d2e1bcf54f790149570986bf6240b037

SHA512
6ba81187c9a7f08a708a3d4ca32e51f5acba804a13ebb197778053e6eaef296867e273650617d9ab36d68ce1ed0c0080fd45c70d0eb255a99ee70f966e0a5187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d546bb71f678656eb52df92aa652abbf

SHA1
001ebb8816c7d15a973bb6f268782f94874599ae

SHA256
caaaffce01b1ab4d28f71e4eb5afba250d673202b34b59d469f8487aa5c3297f

SHA512
379c1f57ec75460740d35ead3aa0b09d2ab58b3fbfbbfc164dd07d4ffc7a66c62b73c0b1ca4e384921be4802f0eae2817811ebfc105c89ce416cbca282ef9df8

Download Submit