hxxps://unitedplastic-my[.]sharepoint[.]com/[:]b[:]/p/crodriguez/EVDTMZhsa-ZKiUWXh0LBCCcB0CeoEgLT8Hmw3ZpRzFPaLA?e=fudGBL

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 16:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://unitedplastic-my.sharepoint.com/:b:/p/crodriguez/EVDTMZhsa-ZKiUWXh0LBCCcB0CeoEgLT8Hmw3ZpRzFPaLA?e=fudGBL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
640	msedge.exe
640	msedge.exe
2028	identity_helper.exe
2028	identity_helper.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 3964	640	msedge.exe	85
PID 640 wrote to memory of 3964	640	msedge.exe	85
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 1032	640	msedge.exe	86
PID 640 wrote to memory of 2816	640	msedge.exe	87
PID 640 wrote to memory of 2816	640	msedge.exe	87
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88
PID 640 wrote to memory of 4428	640	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://unitedplastic-my.sharepoint.com/:b:/p/crodriguez/EVDTMZhsa-ZKiUWXh0LBCCcB0CeoEgLT8Hmw3ZpRzFPaLA?e=fudGBL
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8d6c46f8,0x7ffa8d6c4708,0x7ffa8d6c4718
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12425915115764154226,783630584534313512,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2372 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\01f18d79-dbed-42f0-93dc-aae556cb5bd7.tmp

Filesize
873B

MD5
78ede065f2d8ca249855ee4aa02f58eb

SHA1
39fb0457b45b494ae48091b5ef46fe6f1b1810bc

SHA256
e61d663049080968e4044da8b135cd81b1f55e9571e15ce26ea2744f3749db66

SHA512
2bb91ee4e0851341ae44fe40c0ba93ed295cf522ef333edfea828abc63d5a9504725241258f6049ce4284cfaf4fba14b1d115d540faacde54bffa65bcd11431a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
38KB

MD5
82ff5b0be5c2bac5c0db3b2a585cabb5

SHA1
bc49bed8743e6533dfa564ee42e3d0c52a251c46

SHA256
797ed72a92ef29e8c8a5bdec182928e09fbf0eca4c98a7b1b5617f33812b7757

SHA512
4a8bb67194f0ab6968b471a448f567b1b4e227c02e8fd7baf5a5fcd67d6810f47ce51e372f4d3d7fd1478c45f4928a7fdd7f2f52204475095b7036fe3661992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9c5875fb6430ff30517eb668d5109d64

SHA1
08211371b3d445bfb6d89e3e713ffd70b5ebf095

SHA256
06119db7eb29213a6966ac958b22f2cb4847fab7a245812888a032d613cb70e7

SHA512
d46a4c7cd50b6e8076296934e8a03b9e75d108260d41afe343c9c38a2b65dd0eb1f209afcaa5154fc4b01d42493394fb9313a925bbaf5ef5aa479a1071f8611d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
45f7062db27fb8edbd11d5cec84a39eb

SHA1
4dd3ecd5a95b666a702dbd5e406a7c15352426c7

SHA256
844ef87437a63150d252ca7239fc9df42aba8186c59b61caa8684b0febd62e89

SHA512
926c0ded920a71b6ebbfb3f40e0040d35dffe31464c6295ed77db7398237e6c386c20796a5bd6c55b7cab65a107025c74555b56d8eab72142b870b6181cd3265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
245423ab410dd8c51b2ac2b18a01e115

SHA1
fcd7ce87b854f01d428c65f47b27b1ca91e962f7

SHA256
5e94c56e79b5364f15bc1d318e058108a46e8e09b54722b24085f0f6c49e18a3

SHA512
622ee6b55cadbfe08ede8db770b34565cf0fa3284450291b7d9d6b1d79ac347d39028df3ba6bdb78800c0d495ef518d365b48443fee67196f6f26f1ad87834d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a8b42bebf77e3bc3ddd36433eb32543

SHA1
1f58098cbe8e35f994886e36f0054e2bb8f61f8f

SHA256
17d4b8e8a0a0ef81657b6ffaafdc86c959087a479a09564c6b3a9701b249be25

SHA512
98d1cd57ffa45a1ef2563be08c17b366e5e6d85cb64595b836ca9ec6faa8b7a3df86359e61d710f9e67f72c82bcb7f80d3432f04c021c618b1b9a3aca276ad6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc6289c14de1b2644109441f961dabc9

SHA1
750b16f86612dea10f0f22f0a0a8f9a4732611f5

SHA256
fa90506bb5ddee4646e561476ca2665af85344cb9bd5294152c4343e1f88e214

SHA512
6036385f978aaf93e0ca7d39841d41e2c1b69996f74217873343ef14062b499ae425f56c39a25687e3078228bcbde02ffa946748fa2b3549e84b76bb28eeb438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cabbfc5e3b282898cfeb09ef7dfc267a24d39572\328729ee-8f1b-460c-9df9-3a25212e906c\index-dir\the-real-index

Filesize
16KB

MD5
111fafdee137aa9f01077caa794b2b3b

SHA1
b5a538324680c124c36ff2022faf6fa78e156c6b

SHA256
6678f7e8f3917c874d98c0df518306618567cd16cd84c523ef4b3f63fd19d4f1

SHA512
d78a2036f7f68e241df3085b04f2e9e8a0eef621ab003a749e5c61aeb121a3d9957018905791ec8de1bb5cd3b0f3b35769dc8a9ecececaecae38a8bef4937220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cabbfc5e3b282898cfeb09ef7dfc267a24d39572\328729ee-8f1b-460c-9df9-3a25212e906c\index-dir\the-real-index~RFe57e5eb.TMP

Filesize
48B

MD5
18b1991e4028eebe47b8b55a3c3a8967

SHA1
ed3cc99b1d84b85b770e76f6ca31aa2629d8b56d

SHA256
1b599b3d6bb93a5a94cde646207739db6ce3e26562d86c846c1466417786b197

SHA512
57763a7eb65b71828993b2cbe1520d5a303bb5b38c91596c98d698f6c1e43faa2261784bdc83493db4afb9bb9460818b5b0fd874dee6be45489dc52b53cdbbc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cabbfc5e3b282898cfeb09ef7dfc267a24d39572\328729ee-8f1b-460c-9df9-3a25212e906c\todelete_7a48c130a6a40c0e_0_2

Filesize
142KB

MD5
3121c100b15d520b508687edb176031a

SHA1
bd167d1a9065b94bf6d0d63e4aad7eec8d65d799

SHA256
a7e761e6272e83ae707ed65d6eab68b6096b96abf8facc6144b93159d6b9888b

SHA512
a3d7dabdc1a248d833178cb65a10bef7b8e2f71d62c13ed7c17b12a1c4416af82b2510ff236f7858d7096c9acf5ef0dfb372c4ed47a0deaec73ed4c968b9bb80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cabbfc5e3b282898cfeb09ef7dfc267a24d39572\328729ee-8f1b-460c-9df9-3a25212e906c\todelete_7a48c130a6a40c0e_1_2

Filesize
288KB

MD5
e1635c01527248861d53c9b32e1daab5

SHA1
554d29452c8e1538ec1a3b78451f1868f4bb3309

SHA256
d772dca62923b33a88165e90249209ec3f18f21ddbcb3b2a99864eb55daafd51

SHA512
ffae35b17267e7bd361b3339bec471e82f7ced5018341be568dc8d9d477000b2dd72596fbe82c4ad9650c5e890f97a9e00090e110119e16e9e1314b37d3ea54b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cabbfc5e3b282898cfeb09ef7dfc267a24d39572\d3da7ae4-acc0-40d0-8bb6-9e79275f9198\index-dir\the-real-index

Filesize
768B

MD5
47ff6ef9057df771ddda18c96cc0c676

SHA1
66fcd9bf77b7768ee1210b5e44f32e56f4f1af22

SHA256
3a3d3555822a0578c50abd201ae9ea8ded23f5fdf230e761049a8af9ebc25aa9

SHA512
c657749ae78f2e8221cdde627a7995027ea092fb7267360ef1564e3d33ca15ba9fe7100141fdf2e99a31d5b37f85074f9662c971cc59811f93b41c8a957b92d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cabbfc5e3b282898cfeb09ef7dfc267a24d39572\d3da7ae4-acc0-40d0-8bb6-9e79275f9198\index-dir\the-real-index~RFe57e687.TMP

Filesize
48B

MD5
878baf47a96398c53f8ca9614ecb6c3d

SHA1
0274fad23023a7ee1b40fdd571297bbd44e398bb

SHA256
988d05d847cafaceb00e421a05e6dbf9da0205a7746e386af126a45e8102d48c

SHA512
d01c92de6dfe0021847ce017538e08c511e835c0bfc8ca976975bc8a29d180ec09d9b666919f719a0d5ad37d5eadde0fe758a2c59fa81b977178fc0c2aeea7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cabbfc5e3b282898cfeb09ef7dfc267a24d39572\index.txt

Filesize
183B

MD5
de4ab7e4cb4981354c6510f7c92c35ef

SHA1
9ce4a43a09057c3c5676772633bff0280a291e28

SHA256
51e50cfebcd420e872a5e229bb4dd495334eb7f9387c64ac1c95cd86b1327f09

SHA512
a96aa7a5c5bff8da44db3ea2e5cb0dab4a98bcf767f350b3747d5d38d22a79b52c7eadd6fc1e03b644882cac29f219ab205a6b24585a4ab00e060723ee6c2fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cabbfc5e3b282898cfeb09ef7dfc267a24d39572\index.txt.tmp

Filesize
179B

MD5
8b8fb44433147f00b659c18888a9d301

SHA1
11f6c14ce30b82c58142167901906d90012797bd

SHA256
1a1924343c21fbe8bc96d102edf20b31e2cfb2bba6c43abdcd36ff296389d09d

SHA512
b428d1e71dd77972b490af019581c3dca7b489ff91271902288f4ddb05d1e6c6e9d7b5e95604aaebaa106c34489dac10db20e1c67d3d5a1691d65f317a60b3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cabbfc5e3b282898cfeb09ef7dfc267a24d39572\index.txt~RFe5792ca.TMP

Filesize
112B

MD5
77414894252a1ef700b8249640dd135d

SHA1
ef5a73f0b9b8b3b94f5d322a03ee1a8f202d904e

SHA256
831a1544ac3ce6c620704a37ce6d3758739b4650fcc12aed754eeba3d731099a

SHA512
f8040614d7bb11cd84c57b14b5eb3adf0aed0b485542660e4c8ec94641e68da796439d925e9b718422d78c50dba81cc1826b2024acdf65c900c8b06d83c3cc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
eda40aa762658320ed940c196ffc603c

SHA1
b8623c4cfe972659b40f1a141d97495d817df477

SHA256
4f1620707454451adb4841ecd1fd258165f0de467fba4441e7fd910ddae804a6

SHA512
78a37894e2603d470a27fb4c5f7f8265d54c366d799af92d8cd7d72758a5677f5894b4d589e670bc4bd98366e35f0b1a3d82fa60042f6e7aac72e9069511f696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578c04.TMP

Filesize
48B

MD5
5814e3514116a375b07ba8559f5e47ff

SHA1
2084e87a7f90ffbccd8a292ec3f69ac001c94b5b

SHA256
c6d25b59c7a227af8b6b900e01736628f301f56ce20321c0fac21bf524663837

SHA512
49765780d221502a7661ad15aa735789d64e324eaf8ade4b611578cd8fb7485619d45ae34947ed5ee4ea174e22a9a3bae1771f711f7a1a219cd22ac214638c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e08d3e5454fafe650cf2d85c37978615

SHA1
defa8859ee3bc1acd1cff25fce37598a5079ddcf

SHA256
aa66fa4e640e353e4334489ae54e593351584b8b276cd1d9c586429d1c781d78

SHA512
fac525da8d1bbdd9c17ef16a20c9247b1b16d31542f787d17f186f9060992a42b66bfc1e32b58a40112f47d5ecb9bd25dfe17daf857c9f8092dd3e541f06cad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69741795cc1a45a2d83e5c018baab52e

SHA1
02bfc93d7a1830f928b89eda4ad622c2f5b76c25

SHA256
4e1068afa5c7d276582bc4993a66080f0bb43b0ceb2b5ad45f1cd7dd840dd08f

SHA512
ccd730c3b0a8aafd6cb81d5ff5e77315794cfeccd1b7b4172215c63546167ed2a9bf0f21145565686932e9e625dbb7c8d7177ca93bb15446a653ba7d618315fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57808a.TMP

Filesize
873B

MD5
a12d8f7b68f799887c3a8373fa3fef26

SHA1
20242f0e1ae4ec23ebe2da61aad5f4423aa903d8

SHA256
2335c320112690ed3494ccce8c809412d7bbf1f0a2bfff81afc0a8d5696d47f4

SHA512
4800b573d32ba1b20a54b5a3023e07d3dac3c3785519bc6e7e6ee1c89489ac25061cbb63aa1f3c54b540ee4f1d25b466bf39a1543b19768d58692584fac87f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c4395234e5b2517d32bc358ecb3b7ef

SHA1
c8bd99fd7c1b114ade672046ee68465ee1085301

SHA256
df96225af924cee55aa3c526f320b9184e551c1c0e95477c7f521c3f94426cd6

SHA512
326c08296097c03236db62cb72208865bdf0369f0317ebb8fe701be11fc07dc72ee61db92549ed7f1519f91a9aa69eb1da397d449521d746b05ded567dccc798

Download Submit