hxxps://docs[.]google[.]com/forms/d/e/1FAIpQLSc88dUmnd2RGTGiyWIIfa2OsKbbvLHJn3b25IpctSaVy2Xiqw/viewform?vc=0&c=0&w=1&flr=0

Analysis

max time kernel
283s
max time network
288s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2023 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/forms/d/e/1FAIpQLSc88dUmnd2RGTGiyWIIfa2OsKbbvLHJn3b25IpctSaVy2Xiqw/viewform?vc=0&c=0&w=1&flr=0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
2292	msedge.exe
2292	msedge.exe
3368	identity_helper.exe
3368	identity_helper.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1540	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 116	2292	msedge.exe	47
PID 2292 wrote to memory of 116	2292	msedge.exe	47
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4284	2292	msedge.exe	85
PID 2292 wrote to memory of 4364	2292	msedge.exe	86
PID 2292 wrote to memory of 4364	2292	msedge.exe	86
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87
PID 2292 wrote to memory of 4856	2292	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/forms/d/e/1FAIpQLSc88dUmnd2RGTGiyWIIfa2OsKbbvLHJn3b25IpctSaVy2Xiqw/viewform?vc=0&c=0&w=1&flr=0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcfd946f8,0x7ffbcfd94708,0x7ffbcfd94718
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6960835847264137636,5953907866866688115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
9235c0ef6c6581c57c1dc60b14e9b76f

SHA1
02ad6047d258289a9fde7442d7faba64c0206c48

SHA256
6e2496e41bd10809f5e544befdd01ca2a2396347bdac8a59c245c264d252152c

SHA512
24e58e6a58a93cb0ae40220a6b5a386ce20c2337d124427de6692aa32fe0f8cb95c9f29fb32bc4a1f35a0129bf0e2748e3d5097a6d4988ee9a296ddc56a9f7f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b22e567c27ab7afe6b964152e9ecda26

SHA1
ea32228db9e7251eb2eb59faf99140464cd561e1

SHA256
09929c625c3ebcb731e5d8cd287f2cb6c819b31419e19ef5873f6254840c195a

SHA512
bbbce53ac77bbdea8c67a83eb6a282994f9f299ee5bb4aaf60b1eabac5ee5f863f8dbce62a7338e6229db91a836b076ac313c1ee772236e9caa3f6c43019fe71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2b4b768776f1bf054312063c619c29d8

SHA1
02b2acc3c01d815fb87c99237a323164c8e4c216

SHA256
cda786153caa607d454e04f1b544a31a9d46364bb6f43fdbd6d114196ffd2cf2

SHA512
3c16474bf8f98876688629ece6811ae60d6de7552ab8e67cb759f8450ee5a197504c4fc80578e4a484d57f552c832535f442764ccad361d2494d0cdfe4ee2b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cd4d35b2a4aa850659a53c7a60a6800d

SHA1
feb74352d55d2561d9d4081b638899e177ce083c

SHA256
066a21032d68ffed813dbd40c8c69a8443444c3ffbc2af50daa4418ff12f0d4a

SHA512
d44f992ac0def51417a3ef831e4a790e38fb51e4671e5699170b849e5392cea6a15282a54fe770ab0a40b33863b5d094e52263bb6617c4b4fd5bed8e60472e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c96db6794446c4f7e4d3057d650bfd10

SHA1
cf5b2ecdf3561edf59ed24b1a8064936ec0dda27

SHA256
856c2232852baafe9cfe83ce0f846afb1493c6ddf8ef9f6b0c4ca383ad39d5b2

SHA512
a77210962e405bafc0f32fae3645a4315261c3fc3cfd720c88e21609d649993de9d1ae9ccda4a66521445f05cd5718a2cec518f8a361e5fa9e90cfeae9dfe82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9099e997989c32adc58d8e524155d757

SHA1
70932803eb310c5433129fc6ed2a96269bfb37f3

SHA256
5494a042e391e6103db1cb43e34e65d424540edb224d8c60b4adf25e6b39731d

SHA512
05c294ee1470d1d44a6e49655744fe875d1a54c1957ad93a430fa6fb7327d2b9bb4755477c5096942fadc810fb38da237bb4029bb0590dfc1691d20f6bf631c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4853819040f5c42dbf712c488be28cd6

SHA1
d02713319de3221e09de7e795fe44e195362d9a5

SHA256
914d7a7ccc59f69ccf453c35c4004bc6b8966af4080a52ea50d434d2a7e3485e

SHA512
faf4cf3565bf468ea1fe3f8e1191965f6c364e848563e71c0db3ce9c30e5865d9ac6bb664c372fb4745c84200ceea266182c1d4913e013e03e0f530d55b30cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f2ce3f21e1f238812612cfea4d07cdc

SHA1
28a8c16f28b93f97c47ea7e37a4fb63f13fe17ef

SHA256
1b5a9e458867a9d06e90376ce2de668ad84e3889245d5e34142ed9b055777ed6

SHA512
00d4c90f52a50c45604de57c0b3dcba7ae3bb81215de66cde70f368f19b5751103dd77b4f5fca0b380a816c68b43ee78a265c50ee65b6c7f89f5f39d23b5fdfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
79aee620824cfa28b891c731b83f47db

SHA1
9af9c29767a167b20054aab89d8b4654aae46257

SHA256
244d77f9270616d8e82d341b0a3fa848e2f33dacdf44729868831da73e6f13c9

SHA512
eda968e51b55519cf23cb977f76f7e8a1fac9cccb456a190bde2a3c2d94f41079b8edd3438141d84d1c2f7c08e8ad5b7f0b9f83492d7d73e4c8e11444125706f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
486919d20e3ad15d98319b13766e6d31

SHA1
047bf758e763d2c64b7fbcb903a72027e588acb8

SHA256
25e28c14d7d439ff546408def046fbb90845092ef0540e7ea75b8dd7a4d5df61

SHA512
ec0d834a5c6c49108abe745c795ea40696577f63c3f817b788eec99eddbc8a1d54678beecb7fc139ce6e9dfac2f3f240d692222f53823e732a0c918124cf8c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1743c09715f0aa2afd654b9d32c7473d

SHA1
f8d5fe145e333409daf2e17f4b6fe841afecdefc

SHA256
8f3aac8121800c2b5d1839c09a805709373d085d415367c63c59df6517c504c4

SHA512
f949e191a45feb634f679d3d58e803cccdf59e745d4b8b53279aaa26bacc0827a409758747ebe37a53fea2b933b38572619d70a79374d746727a196c8acb15d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1881400134252667af6731236741098

SHA1
6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458

SHA256
d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75

SHA512
18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\0e2d3812-3720-49c5-a9bc-99deba9ce55c\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d6311865-0d8d-4a37-8bce-48097ef69396\index-dir\the-real-index

Filesize
144B

MD5
1f40f5466cda47c68636b3f377cd159e

SHA1
b232ddb283ccb093fcc5c48410e3e76154f316e9

SHA256
879aad260f5cfbb4c0292d45eb6a227930b9faea0a9ef895fda66474d04fd7e4

SHA512
85316e6644a27b3b6a6b86a5b339a2be8d63b547fc908793776778637cf89beafc876b53cbd80f80027e65913739838813bf5ed68e318604c5d3786a45849d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d6311865-0d8d-4a37-8bce-48097ef69396\index-dir\the-real-index~RFe599810.TMP

Filesize
48B

MD5
64e9b17f6f15c4bc69ea166c1d1ff15d

SHA1
4fb2b6b04cafb4c4b508f0219b7f570f709ab81b

SHA256
4cdfc4d9ec5bea562227ca5f72b13a9cf056124eb9d2b006b98103f4b848dbfb

SHA512
c2b2ca8936fd32d48a50be7e2d809b3aed27b38c2b061def319578fed26486a5e0dbea84394ffa4ffca294e7fb4b155185a20340f5ade0db0f1b8ba47854af1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
224B

MD5
71d56fd71af05f65d775a787865044c8

SHA1
ca121652e950aaa92422bc837a746e89ba4f3ae2

SHA256
0a9b4b2f79ff4b8f1e1b90117072e6baac1c3df393b28b60f9c1a349db5784d2

SHA512
9e919f072a6117757fe7f2c5e0e33eb39ce7da732f4a9ca6d6b09e75c6de2151ac468598a48ba68040815ceb0a145144472f336ebbf2fd575e9739fb237c6857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
283B

MD5
e3ac5ce063ad025181ff7e5095ca6957

SHA1
de349fc9d507f44015786db330e2ff575c23a4b5

SHA256
9ea824833e9f95bf1fd70474e935aeae77be47a794dd6016205921a6beb18fd7

SHA512
e6123de02b0e0f2bb04846387e684f1cb787ff1292fb70e12bc6b1b205a446a8afb37f305ad624fa34e24bc13b60c89b3f6b5fe0c25b44723a669ac7c7c76680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
340B

MD5
f768f46dbec11dbac01ca06b14682a99

SHA1
dca641041ff2458510dcbf642dc40cec295eeba8

SHA256
26b796b71fe63541152c88453c1de16408a301fd828e37da34d50da759c74ba1

SHA512
6280bd52fa50c3c023f9231543505cb6560993637adc84ad1fdb3c50f61853ae22b63a3f5b65709aa7401100fe6add5bbc74b81c716fefc2fe070dbc2b216aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
333B

MD5
4c3a8c6dc0eee77c8534111d30c62f6c

SHA1
295bfcb2b78fa4be6ca3c23e133f264ea648ef7d

SHA256
0090b7c659c1130f75f4c8a337683dc09e8d19ff09b0feaa4f78496ad8e2250f

SHA512
0888554434ad95ea91b68e03a0e231087017a43f06843262e19afe8f4fd32ebb68e1088d3bff91c7dfca18f15a66e87a35de97a2f75cf7b319f76356187759c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
171B

MD5
32b82e13cb20511ab11226b91f6aed2e

SHA1
69b98cb6909d8cc01f42ae42b09de960b31f59d0

SHA256
5c82c132a6baa52cb32f916592103e6eed34a817980b900295283fc8f5a535af

SHA512
868959f1a54377863b3dd72dbe32620161371062afc78d1cc3682ad428b2a2061c79972bea97ea36fc0a1cb276b0710a1bd7cf9032bb671b2216aac804900779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt~RFe593acd.TMP

Filesize
111B

MD5
3e2a214b0d0d03d835b91fdf7097b17d

SHA1
6e02f90898f223be071d5aad61d998eab8f92b19

SHA256
8d93034203be51fa9c70dee1621acaaa5dd95c6fb8ef3318e82026f9499a0dd0

SHA512
3baf4da1b44c318e17abe2bc03832c6f7bcb7768feca6b549b67a3fb6b862a28c59c9aee45f13bb42285cfdf8fed1ee827dd06d4c94e70ac4a643277d809b8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b9e207e3fbdd40daebc4685a95082bcf

SHA1
e1af82e89cf4b33c075ddfeda733e355160b7739

SHA256
636f155a52cf305bd2f8101e7072f0d7b080d8289ed909d0acd53090a0c24922

SHA512
fe9470dec49c107f86d9f66529fd1232effcb37406e92772df1b0d1d55e92c59021488f552748cb7f2c0ec1667e437bea44ad695ed524d6f576b6865008d7925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598a45.TMP

Filesize
48B

MD5
01b5bd50b04f04b2adf0fd7202e99dfb

SHA1
685855ab22adba032fac283cbde23c9f8b18615f

SHA256
300ea77c8b0f4067a8f53b336fdd171e2bd0fca723d2c0d542c5bba6d4a771d1

SHA512
df7a89f0712557c69635ac357cea3769ee9ac7126270dc082017fd3e4b7e13fcaaa3e96fb1230a3460f26959287664cf3ad1e8361159f1dbf818608a85f53a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
ecf66940505f042e1cce1598b0233ebc

SHA1
06f24fb431f64ea2bfe7fcc8949fc63a003121cb

SHA256
278131384048c7d0e21492b415dc9cbc99cba98076be3f44a989364ec0828203

SHA512
0e06b6bd760879b7db5e10e480cb7299327103bca8d17cb6ca1574a81065bbab8d928368483411077c3a800a228ec4883309f3b8f9d72c2fa8d98444d9b21080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
da73399d8ad37553fb7ca387a8aa8b44

SHA1
0b9550bc8b4f81509dff95ce6282b043714a3e21

SHA256
55b2aa32ce48e1415afa30bfa7b8d9c955bf9357965b6404dc639be216a96a7c

SHA512
1ddcff12ce645b1a0c65bd3666bb43b4def169e267685dd1a192d721342b6f0cc8917380f6ba1ed14d66c1896e9a361de1a8c1a817f097df9bf937f412dde39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592b3c.TMP

Filesize
202B

MD5
a0537a3a6dafbb81d171793ca8bef50d

SHA1
8e943ee9aea756187dc11b6365b792d1d10ff306

SHA256
219c10ba81f7dd411145f6585923fd5a615dd0327526b11de47613e7cf3d6c55

SHA512
fc945cdd61b637557ac965ad8731098d04562f46c2b2edeaeca762a06933c5a97cc2916e67b43aaac49ba86ffffc6909d63e1e17239946874b26f05c83141f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35ec28d9356f4e76c19ee8a55bffecad

SHA1
402a2c004fe5fbc3b32bdd8e70b44e43ba6fd8d4

SHA256
61c3c3a8c1a63af10d536f1831345cfb3ddb5e3727000eb4cbe71bb251d29b9b

SHA512
83ecc4b6fb4fc9358ff77c4d42657a93d9dfb16e06a4b2f364a43d05880e6e0a539f1ee546c69281967dd12d701cbdcc83b72af26fee6d49c202a977541ef17a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a16716e47c01cbcc1f804a3b40c70ae7

SHA1
4cba18ee384ac893ad8d94d9e6dc545bfaf8084e

SHA256
16d61256a71b76cbe15b6eb90324fd4cbf018ed36a77e47c7dee250ed51cc3bf

SHA512
eb8df8ed2dde76daf90ab3222a4a06ec72edb9062b54a6bb86fa6aa7f1247b4f74544a1fcb10709bac9824dcfdad7e6d0227c3f8b92be822289a45ae970d4c98

Download Submit