hxxps://bcs0-my[.]sharepoint[.]com/[:]b[:]/g/personal/president_bcs_com/EXheEFuVMI9JgxuVXRVwKR4BA3rM4b1oHbWhettThtY6IQ?e=S9sJg8

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 20:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://bcs0-my.sharepoint.com/:b:/g/personal/president_bcs_com/EXheEFuVMI9JgxuVXRVwKR4BA3rM4b1oHbWhettThtY6IQ?e=S9sJg8

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
86	cloudflare-ipfs.com
87	cloudflare-ipfs.com
85	cloudflare-ipfs.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
3652	msedge.exe
3652	msedge.exe
4020	identity_helper.exe
4020	identity_helper.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 4456	3652	msedge.exe	89
PID 3652 wrote to memory of 4456	3652	msedge.exe	89
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 2480	3652	msedge.exe	90
PID 3652 wrote to memory of 4916	3652	msedge.exe	91
PID 3652 wrote to memory of 4916	3652	msedge.exe	91
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92
PID 3652 wrote to memory of 3244	3652	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bcs0-my.sharepoint.com/:b:/g/personal/president_bcs_com/EXheEFuVMI9JgxuVXRVwKR4BA3rM4b1oHbWhettThtY6IQ?e=S9sJg8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf6cf46f8,0x7ffdf6cf4708,0x7ffdf6cf4718
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8923527220648884325,11491562068981818973,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
38KB

MD5
0278dee0dabe99d076e0d716dd3a66c4

SHA1
dbe0533bda410c98524be396fd0791d1489fc31d

SHA256
ea6ee693ce1024e3c39adb628db52f82bac1325f88f0963190efa720acc8497d

SHA512
e9321774be46a730a9d98a0844a7ed86c5e903be489f76a763e3edc3e6d45d51bd3d6141e10a844841fd7243ca686446c037b2ed8fa98727bc0f5f2b0e27bdd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cc4e761daa672954e592a383066bdcf1

SHA1
f0b821557814c8c6f0c55ed98f40d571af3262a5

SHA256
0225d07171d627cd91a01fa768c05d3a354db5802981d974017522a5bbb657ca

SHA512
a309323d09ed89abf4c4b7ec7c7c5a63a1e888ab56486c734ab5db102c66d39f8a43cbe4ef5dbf03e4e94cbb5e076211b8891a1fde8d13e6aba8043965b7e3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0dc170114cf8051ae3c6863ed86b1f69

SHA1
d2eebcc333a1aab24d47e2d7eb77365829e3941a

SHA256
3788182a92cde0bbb2d4e4b693d915f088d8aec859a67bd60f80e0f3e78ddf63

SHA512
ece741b1d7d3b4b3e5235105d9a68dddfbb82e800ec5cc964e23b07b5a205e246421e65b051ecbf40bbad0b5aa80f20b1e597ad690f0fe8ad76e9d2b86e8d29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c25a69d4f3e8ee71f1041f49b1590944

SHA1
811557c915131318f7cea3ca62cc620c5be66e22

SHA256
0219589bb83e240700eb3ae6082d118cde26929fdb8f931d7cf405c9199e8515

SHA512
45f84d35695a29ff9c57ba9cf9881fe89e853347e6ec54d6c6e00b5a620a9a9b5ba2d98cd70fcee1a7a8f2397c0be1c7968711d1008a2f1e98364eb19a6cd589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c42a8462abce031a0240ea6d85b8bef

SHA1
e63a7e47cfaef7036ba32929a4ce50c9e53de6c3

SHA256
281371eadefb4706f5249e416a5a32a717648546765716b8c6538e119f07ed4f

SHA512
c52ddc82fe29bce0bc3171419eec6055777b954ffddbb2cca853ca16f1aa6f2ae7eeb02d6631341de475bd1695ee0be95ca9f2381c30c6296bb6b7ada7627de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94317d7e55a7d9e2a34384e100852329

SHA1
16ef653e12e1a583fc1157d6c3a37581a0bdf5ac

SHA256
40322893af63cff87d4b960379f48421467cb04d5b80d045021d6c0f07623e55

SHA512
f12a9aeb194fb5a05955b39851f4f979b9fcf7279a1e4fe1e3b5b54f86d64c41ea8a52c9c36db5f4cafbaec1350164337deab73e0efa7579c3c30ca52dea838a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c54d907badf52005a15f8046487602b9d86f3a58\aca54701-60ef-47e4-b0ea-3d9bf1873cd6\index-dir\the-real-index

Filesize
768B

MD5
6b77aaa63ff8a710fd1026d90a43ec54

SHA1
290522597425f260de1c22d438a7b5d810f7a994

SHA256
f09bf61949a496765bb63fa74228a3a7eebad40ac85f7f3ff619b7ba8b2b0b95

SHA512
238db662fdf48b1ac412ca9a7ad5b7ab7197e13b344e4b6be1023de26a4977026f2b8b2e7e6de6e608f04801d709c368bee56de2a5fb86c3f98f88804f8ecff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c54d907badf52005a15f8046487602b9d86f3a58\aca54701-60ef-47e4-b0ea-3d9bf1873cd6\index-dir\the-real-index~RFe5935db.TMP

Filesize
48B

MD5
94eb72e8d68d702efd163ac9b8a18c6f

SHA1
b2fb6ef2d757d6eaa1d355d45a6f1a2b4436985e

SHA256
2d3ae92b6e63aed3840e821faa91372b7ad369c673601f0dc134c46fb0ed1ccb

SHA512
cc458c96667bf0345b9631420b3dbf3147e7727a47a4fb78a9fd85c913e12cc61a185d705fd9929eedefce79aba5774397660d0deb47ca637b714ec3c7c8fb01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c54d907badf52005a15f8046487602b9d86f3a58\aca54701-60ef-47e4-b0ea-3d9bf1873cd6\todelete_7a48c130a6a40c0e_1_3

Filesize
288KB

MD5
1ed9e8281111135a476f06baa31e9c09

SHA1
043954c9bedc0c6aac775f1bbd896fc6ed721b1a

SHA256
9a255eda654cd38fdcf6e63d2efd1727b346e890d242daa2f26a32cf59d73a62

SHA512
b9b559831b312e51eacf11fbd4c09915f94751bdb9dfd469b219f3bee4143f56fbc1b2bd7fc3660313ff676f28f304318a8ce27d70cf96bc3c85b090febf5206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c54d907badf52005a15f8046487602b9d86f3a58\c4f78f7e-3795-4e95-9914-39d63ed876e8\index-dir\the-real-index

Filesize
18KB

MD5
fb6a6b23b3baa72c1c7977422637ee7c

SHA1
5202b3bf9be5e4658502f05c7243645d7e81edb3

SHA256
f123f29676ed0ce4e6c6526ed1e18b2ec4ede94ad085e5437b8c627109d9f00f

SHA512
e99f89ede79acb66dd2393e8a8516f1a5c50d0f155f142a2acffa799aa4aa2692260a6d9b28ac1e4dbdffbeaeefe0703f9e0b02e6e81f749114a487e7c7efe1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c54d907badf52005a15f8046487602b9d86f3a58\c4f78f7e-3795-4e95-9914-39d63ed876e8\index-dir\the-real-index~RFe593464.TMP

Filesize
48B

MD5
eed7c5515fd2838ea896ee91bdca2d80

SHA1
95dd2ab7f6205d80bea7ffb90dd1f56a9a6bb459

SHA256
558b39590b7fe4876afc65a210984b41ebf79e3fce0f5adec7cda9473998a58d

SHA512
54bc79f279c90ac9a68d5de84e906a90cef37602d48157a5a0dd6ed8edb70fea1d97d5592e9b8aba1d6e133d2392b250c65d87bc07f41f38c2eced488fc55dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c54d907badf52005a15f8046487602b9d86f3a58\c4f78f7e-3795-4e95-9914-39d63ed876e8\todelete_7a48c130a6a40c0e_0_2

Filesize
143KB

MD5
9bd50e2846257baff32d9f17afe8ad97

SHA1
83f31a9a84792ee941a23c3324d9b1006a83ad03

SHA256
4c799a1ef49bf5f7e769dda99558e0474ae1f1ff3db0a7802e338ff17d52028d

SHA512
434b38cb9beec94423624a491d92a93a9c116db8022033e1d73b47ff7567d2c57334cee76781df1a3e7e1a40945d3b22a0e10f0e8f8903702ba8fe83cc3ddf26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c54d907badf52005a15f8046487602b9d86f3a58\index.txt

Filesize
174B

MD5
97c1cde9eb24675aaad1cd7e51eec97f

SHA1
08d3b57474b6afa4e9987c8c837bec8c8670cee5

SHA256
5c6e54ff406991ae194fc1adcbd4ea3359f151dd38bf0a08859bc3a7d33fade8

SHA512
174c18a092b88b9f07f100a0a1d7a676436708d104581bc62164d41d94f69a1a2aba3bf54511926cc79e38d326ed47a0d84a1ed4f15002eb31a19be23127689f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c54d907badf52005a15f8046487602b9d86f3a58\index.txt

Filesize
170B

MD5
16352fc32090dbd01ce91d6027eb7d5f

SHA1
823c4884386a96b605cac544ebeba75e1c200d25

SHA256
725a28260018279860828022df7db8ca55deb6eeffb288655252e866e3c61ef9

SHA512
4e45b00242f293c398858aa5eae76cf9426c300b1cd10b9bad1c7d3a383930cdc7f89bd20a9f86b69f643ff1ab5cc4cd86ae1843b80e2b520eb0c8dc6803dd37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c54d907badf52005a15f8046487602b9d86f3a58\index.txt~RFe58d889.TMP

Filesize
103B

MD5
90b12d5a5507e16cb8fa3b99dc23ea98

SHA1
495a2b3dc41a6c3320215dafaea93369ab0730e2

SHA256
8e47922144a81333ac91c0d54976c293b104abf48c17fb6c4677a5e149d482f6

SHA512
251ad99f34437461f395b4f202c1e609ac6ab1eedfbbf96877d7270b88670a33bfb401643b6329618174ed1f54bc474f9e41a2fc4a9fdc0e37a7c35f2cdec5b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
1f1fd78d83c42b4a15796280fa28d649

SHA1
4ac8af8f949fd27ab7f9da934e93d107c058ff7b

SHA256
e959d4fd6e816a433115c4c2d0b82906b4f4acee80e5f99ce5af6050718d5837

SHA512
409ca97306a5302c4915b18adcb79d7f644870c28b352856d5cb0cb578894e31fa1dace783ac480df3a82a24dbabc310b4b3e08e4e11ce5a924d247d1e2faacd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c5b1.TMP

Filesize
48B

MD5
8a32fae6fe9ab8fa6bb2d4be923bfec0

SHA1
fc5e824e2421cf6a31a8eab3b3fbac4e28cd043d

SHA256
812c0145b64c9634ceeb2e6143d06f0913c7a7714d264ef616cf51dc93832565

SHA512
cd47b1d3f10567d5d69ca3ba15fdc279026da746cfb74d95b95ecd469d6885f701dec59c1a9f726bb26d9a9cc37a0c72ab3fbe3b24923e64f15a17810e089c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dd8928cf14c4dd05a4938445856945ff

SHA1
79f11e0c7addc7d8761acff6a249de4a6f753aed

SHA256
f1a76cb12818b92879c1346e6e247bb65a79dbc825a3ef052c3fa2d60cbe9ffb

SHA512
af5e1be66d8ca10d32f9651926d69ce5a2e864ac012d1a8443dd3436ff596ab00d45adc3b4e3fddb10adb0deae71482065f83a828b077b9e7157a2baa40bb806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0707cc41d35604310bc66f0775c1d778

SHA1
51a322fc348a3f93cf1987aafdc01c1dd854c977

SHA256
98818928b08cf03472f49d7ec90cf6dc8f5f38ca495bc39cf3a11a1c0effc0b1

SHA512
418ba982cd943f1bbbcf96703e5684fd1e3552a1f49d14177e44197cc7baac03be90127d2d4a5a9734da1864781828314664eb91922415cf9d40372e3a40276b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6efc5374e8ddbe29d1b75d8f17f0f616

SHA1
b4c939b8215897f40bd39e4f55a2e031b77f77b2

SHA256
11268572f2d624b0310ece590b34b2145487970f3453c829f6c09f21987d49fe

SHA512
064724888ac11e61ba28331a81cbf8ab0b414b482c9d9a19af327e52a924876c7dc1bf928bb6e9f50bbf8fd4cbe3a498c689236d34b3b85115a5f7ea3e058a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2350c4dd016ec178e3960f8ce68a5ed6

SHA1
e6912d75ce441ec36489cb54f0ea8e5cd3b84354

SHA256
17179ba0003d8d141f7a3f32cdf8e43b45c69ff69dd0225a6fd57820bb8c158f

SHA512
ebb510eff9962bf1893b9e12485ce323c5012d9eeb707f80ea986e2accbe5bd56cc75f9ad52d7593a046d2a0547abeb3a4529348f9f9f86c0516a513a7fb60be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9b8031081fa5544e4b757d3e9d98abb

SHA1
bf6376ebdd1196929bb62a1d540784194344f229

SHA256
f57147db59bebc1a5f2d98cd01e3bb2ca880e84f98f4368da54dc85fb050be2b

SHA512
b3c7643db8f0d243ef884a72cc3856bd4515038473144ee9d236e02ef7746244408de3aa42bffec801bba430708eb36ba85c0a78ab02209acdc609eeb87c0a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f35405af1e7b307000317acb3ebc4c0d

SHA1
4c6f0a7b394a10fab78756eb3d211fa4ce6c3757

SHA256
464f49cdff1a4164433da8c9f4f68db782dda4370dbb5ec9aa2a0d96cbfc6180

SHA512
5544d7b5aa279166b262788611192975268c245e1bf4093c26fea1577640eb368051d86fbec36dde28536bd5697b7490b362bfa7f245bcaedd26bb47ab35116b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67a3491362b11f173527865d660a75cf

SHA1
13524701173517d7c4ecbec1285a8d3bb3577e54

SHA256
41af65ab7b1ff27807a913dce33552fdf48e7a521ba3b0e32a3a9af3a121aa5c

SHA512
b47e2ed4e6628941fe9899e9465dec3ee613d5a13e2469af73c6c22767c0d3d6b95fdb2754199f12e7c5819bff6347f309af852c8e92e28816e36246b152f4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e1112e073fd5b8e359cd298a5f63141

SHA1
4d6f68be402d784ea0eb1b3d21116e2e56e2f345

SHA256
7cb085cacbcdc9a797bd5aaa969bbf2208a4709f1745b2815a62d51a1a598327

SHA512
2851e0010d962ba4d6715fb596248a8a48b3ba3304b55ba101bbaae9f79b52db05bacae7f7043ab783a90722df937f216c0b65a1e9f426550d54ae411fb3a372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e68b0abeb6888e506a5b6f414d8c43c5

SHA1
f9305d434fb25acc74260dbd4ed4d582c249ed7a

SHA256
2f78c9813199b68663710aa531a9b80f1a35861b05efa0453887a35b7fdd33d5

SHA512
d324b0f19c656e0038249cd132e16f2eb1cf003b5b2d18a3336155f5297dadef1de1a78612e17774eb14203f6e6bf966f3093c93a81e838a7bc8821ec63772f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e88fb6221f80ea4c8e4bf4890be4606f

SHA1
a5ca3093a73b630aaf2d9f418acb47d598c118ad

SHA256
6e0f57abfba50454672f361c46eb90e28fb1d246280407294e068fb07953b289

SHA512
7e1012c61536ca6b186152eee20a0a84f62071a33b400784a9e95fdaa61e05550869b2a69906e0f81d9f19cc2694b9534b2687017a65bb986ad6c643ea905069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a46e.TMP

Filesize
707B

MD5
79825437bc4c87cf7b25b3ae75095528

SHA1
625fa3c89e6df7d6f5afa84ce1c3e52d96a59b39

SHA256
b7fc4f71877e34529940850bab1edfa359f5ed0f9361a02e40ec5d7e35fc137e

SHA512
f1706bfefa0008fb59600fa25db5c88e3486b35c320910cb00e16a640c112d63006a3e429753d9d3b8d0a4d784d6d35fbb5ed5709b23d0ed67f05048fe5d38a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c5293d550b78a1d912bcc98fcaf57a36

SHA1
4b27ec1fb0b558c999ba825282a94eb99fa791f9

SHA256
f1b67880e4c77ce84fe2b503d94c8edf40c58f22f8c75cc43dbde07d9b5c835f

SHA512
687c8a51f12adf963b30c8f8a3b55a4f7190cce5cd84f90aed53d76fa803090eae66c7b7108b97bc1714309346b7df7eddb8df52bc275ceafb7f8dc70d2f85f1

Download Submit