hxxps://actionmedicalcolorado-my[.]sharepoint[.]com/[:]b[:]/g/personal/zander_slaughter_actionmedicalcolorado_onmicrosoft_com/EZTGpRem6_lOi7qswgBfWJ4B_XsnsOMLgMxlp9chZWx0UA?e=Yh9ZOL

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://actionmedicalcolorado-my.sharepoint.com/:b:/g/personal/zander_slaughter_actionmedicalcolorado_onmicrosoft_com/EZTGpRem6_lOi7qswgBfWJ4B_XsnsOMLgMxlp9chZWx0UA?e=Yh9ZOL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
6016	msedge.exe
6016	msedge.exe
5432	identity_helper.exe
5432	identity_helper.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6016 wrote to memory of 1344	6016	msedge.exe	84
PID 6016 wrote to memory of 1344	6016	msedge.exe	84
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 4284	6016	msedge.exe	85
PID 6016 wrote to memory of 3128	6016	msedge.exe	86
PID 6016 wrote to memory of 3128	6016	msedge.exe	86
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87
PID 6016 wrote to memory of 5692	6016	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://actionmedicalcolorado-my.sharepoint.com/:b:/g/personal/zander_slaughter_actionmedicalcolorado_onmicrosoft_com/EZTGpRem6_lOi7qswgBfWJ4B_XsnsOMLgMxlp9chZWx0UA?e=Yh9ZOL
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eddb46f8,0x7ff9eddb4708,0x7ff9eddb4718
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,3932236621162596795,2140454366405415676,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
38KB

MD5
a2596ed493e28c36287418185a3c165d

SHA1
e4a7c1fec9a9106fbf1c9216f30afaeecd5de2e4

SHA256
30b5122729e40dbc9cb90e42d4fe4229e7f988a780cbf51a75b2691c9d3877a7

SHA512
d1ddb6bd22fa86503ccc7e4a7fa6f0ed10cee7910ba0cdc4f7c4dcb78631b12820cbe70369a05a9335391e355146b1829b0d2fe080973c7c64b4d15a7e64155c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7cb1f576b2f39bced714c1343b08d694

SHA1
440fd2a4dacfc6df25f0086b4a264d0150ce61ae

SHA256
04f96fdc7c521b3f2685784c32bdd80f5088bd4315d9c48d7cefc80fe975925d

SHA512
6a37482919491582674763bbfe83e7bbc0233e9f291fe5735a6a1cdc34bc9a3ae688c6b4d73df70cb76ddd9557f1c177f98df4b60f688f58fe59aa3ccc7ba05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
530440db8ce78b51dc4b1df3aed4f6a3

SHA1
99a802e1577e92755f4e819dc6ee0e1ee5b3f7d3

SHA256
fc6d814ac4b8490d0095f73bf68a0a3d3674d143f3adc5fbee8d79f0ed00a8b7

SHA512
2f87fd16dd88d0c8fee4c7a19bc4b8827d6d60159649488df4f36080184852352ddfbda71d0bb30be6119d8a06b45ad7950cef5b21acdfb8a49fe119f8a795fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
85545f9ac1001cfc1c19e84f1b29c01b

SHA1
da3d1fd9a4426934e245089820fd514e6c6f13dc

SHA256
ace8de9b30cf870d543c83cfc36e59628e3a87f492f7650f79b29d2032676b42

SHA512
e592b3f7a51e9d4c222215ed857b940d7e43ba589338d065eb9114c2e08b395244e956e372ea8a38219ad87e7dbcccc51ca72758f742ffa101e4994453353703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
453b448d5b599cdcd1c8ccc4faa016b1

SHA1
d789d8eb9e025aac04ab22281e6614a3d92a74ee

SHA256
b99f9157fc584cdb3d9dcb81bbc1fcb66dd009640a792b9e87b171b4371a573a

SHA512
79b2c614014d4dd809d51fefd67fc9a65f12073c18ab0c069ef6be54df27bf754a722ec7f1f4f78dbdbad79a57376d3fb1b1ea4da39b33ac79f25f8c450b1ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cea9b48cbcd702d8f4977bdef1eab38d

SHA1
8ea9453191ce2aac565870e39cfe706cf09641d5

SHA256
ff6511368035064f37c37e55b122a64cb63cff1c28813dc84fdc15525b79efb6

SHA512
1ca4909005c1a18839718e2368a470f1be590cd00a155af681eebc93693dcc45105762de35b5b4ed1159ecf5c44f4136875f2c424e9e03c05d86b95b0175c13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bd9bf34c8a973488381aee9a8e5fd3f

SHA1
4fcbfa8dfe3ad625d828997d0336f698e09f6981

SHA256
1d4ea7857388d9c7d7ad34d0176b29b6d54e7885527979c49d56ba21a1645ee9

SHA512
63621ab6f409fb91740c5f167b860074193851c079e6dd1e4137e0213e7cda47c98d151d5e3e03d50baa21cad5b38906128afca22790ab7fa830b505cde2692c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\1edb1764-e912-4519-9939-21d1cb38b220\index-dir\the-real-index

Filesize
120B

MD5
632a09fd39835425d5bd5237763db6af

SHA1
bcf9e6f0c41a9c7a1e234c2831244841244442dc

SHA256
0f77c7d3dabb3659cb5c56364dcabda1181b44056d5b9dd62baffcc39ed8aa12

SHA512
3a308fa0823dee5f550e9b02f59837770aae6546184377910258ef00b9fda2268eb7889e298b812b903b3eb9597381d2c382b7ddfc0566d16237c0a1e00a1914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\1edb1764-e912-4519-9939-21d1cb38b220\index-dir\the-real-index~RFe58f5b5.TMP

Filesize
48B

MD5
2c7ecf838d523cd7dddcd5b2a19ceabf

SHA1
5da0dfd22a9eb6efcd7c09384ada6973e6a443c2

SHA256
cbc5b47db72eb958a250d49b0c4784466c91fff8105891e8db967d712ee51c91

SHA512
4ac299fc8160571a6958f184bb7c96d34bba6f859fe4d6e077e9d8cb2976c457332a4798b2da653243d0c45e012e3edd747348637a4740336ab363af99d5f83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\1edb1764-e912-4519-9939-21d1cb38b220\todelete_7a48c130a6a40c0e_0_2

Filesize
142KB

MD5
bf86ef85ec011723c87685d2f29d78a4

SHA1
71b5ecf934c8bd38fac70819b568100f5f33c109

SHA256
9a568779400d637848dab43ce3f7c6970e4e3f71bcdcc95bb2a04079e38ad66e

SHA512
1a9c9ef56da9be4ff64ad35b0f784f7cb2415cd96a3aacd2b094402c225887ded68e52bf3629314d35675f55d2dfb5fe5dd5aeeccb75507d5adfedb878c3a41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\55cbc5bc-4688-4bb0-97ba-f962d8bb0635\index-dir\the-real-index

Filesize
21KB

MD5
b57addae788a9f3fd41b1afde6d9d5ba

SHA1
e3f1e2c09b01e3dbcefca5bd2f197b9faedef990

SHA256
7bd21c3d0c5ba6efe26688183273926d8e239f134f2eb80f57f1af374870f283

SHA512
58d08c45a7cc65b922fb3fd9c9cb8c1dbe84b007f27ca550036a97bd2475bb2b8fff35f17391938bfd95132fd01d22187e1d63524d9ab96cda5da73f5f62d488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\55cbc5bc-4688-4bb0-97ba-f962d8bb0635\index-dir\the-real-index~RFe590093.TMP

Filesize
48B

MD5
43985ae46343b8f303b0a5af4f7159c6

SHA1
1f9105b9be18be323c9fa86845c759e8e2a72c19

SHA256
ad66199dca2a743bcd5884d4c70642cd52c258223dc70c9dfcd960f5d3ec80bb

SHA512
8fae87792502048ddda1e331d5cfdbed6e0722332c9b94dd0d76c8cb6be376cf29ade31211b34d903f645142b63faf02c626cb36502cb7c268d060ca97b8bcb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\8d651e04-973a-4fa7-8749-4c92a2b1660a\index-dir\the-real-index

Filesize
768B

MD5
61315651b92b1c2d97d3e8514430f22e

SHA1
0976c9b6952f0dad63f538cc517324bf5a2521b0

SHA256
14d20120fcaf954bbdbee35ebb76bff354d80156c6783799520433b08e4c842f

SHA512
b4d44fd0cd82b06eb2d45b23a72d8efdc3557206c42ed94fb8381bc7d5a2b776cd21ca950fda81cb1e8a7367a21dc42c712fa69c44c2220d62f6e1f822b0e69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\8d651e04-973a-4fa7-8749-4c92a2b1660a\index-dir\the-real-index~RFe58f836.TMP

Filesize
48B

MD5
63da5a3a4f95cf923fc35d443c92f540

SHA1
6a44946c38b6b9abdcdff419094c644933d002ac

SHA256
2ce42b3c3aa2f078b8179aaadb1798bf1cca0040520d04801f338589270c2156

SHA512
7d966c72ed7db7f3f73cbb8cd5f7b9bd7339511ee81f26c5e5620b3aa951879df565ffb26227c1eeeb4344fd7ddcaf7cc374cd4eed383a75337cfbfe14d44adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\8d651e04-973a-4fa7-8749-4c92a2b1660a\todelete_7a48c130a6a40c0e_1_3

Filesize
288KB

MD5
b82ee03f6d52ab7fefce8cf61caa02fd

SHA1
653e1c87d7b471af0a082e5a2b948c5f291ceead

SHA256
be51835a24d46265708c58dc2c32bc844f812ebf0cf3e45e34f9bbe8cd64356e

SHA512
48e709a242c4bc2511829eb892abe021d47fe236ba60e0ffcc851bcf6e7409e08988a000400da04157fd2fa7bc4d240ec7afdf47915061aca3fdfef738d8963d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\index.txt

Filesize
121B

MD5
fef555418cf3aa78e4781788f76b1c9a

SHA1
26fa1d331299bf209cbc144d0f403e677b0bad85

SHA256
3a71b5f857dc0fc75c36e8392cfa0fcb215b02c3b77e73dae62a53ddce5c07c6

SHA512
0412ed0cb0b3545bcf005bfc4edcc04cf3cfa154d54a25cc5ab6495ee5916d2001e6251c0dd86f5bdcebb9ef2fccbf18d144198d7d851064648fc8f5f597dcdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\index.txt

Filesize
192B

MD5
9d33ad6281d776f6ac014e6bc2209bfe

SHA1
a515d852ee00d314507fd0d0eb794051eb53e2ee

SHA256
3527acd820b363b0350aa26e006afbfaddd6798dadb912b0cb774f25e760dc0a

SHA512
3231139f31f7667082579d08b72993c51516d64e2db917b860f37f80699c0ad21c68a594cee07a429be11a4bbc2990151081403353d70f3a1b9812751ac12c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\index.txt

Filesize
258B

MD5
55384a6fb51beb21e01f30352ddf274a

SHA1
55e4e1ff9c95ece94821c3f724cae4adefe3f222

SHA256
65e44826a6ca48fd962d9e870156dd1fd5f7041acd87f835e13bef0ad0f53a7c

SHA512
1d6ec77d91c214689ffc75e549c11f9283337985387305f67208364d359f2b68120d464d00bae4dd99689a78008f38f2b80343351b8e28b1cbbe3aa2b39dc704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\index.txt

Filesize
114B

MD5
23f640159884f1fc2931888ca6e482a7

SHA1
ab221f6832cc23685472c1c6c453b417856a757f

SHA256
077ab25a1c9bf32668e4337222f095aad4d8c2f7efebe2542abfed0fe40944eb

SHA512
d4ebbf2eb26f9a1a115759e19ee6d9249aeb82ae9e761b1035589eca0bd23225fdb2f52fd80884c4c2d71e8576c25ff5ea19fb613111bef6ec2369c317dcb5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\88b48cc8a53bcf1cc87ca3e093e6de04c1ae4279\index.txt

Filesize
253B

MD5
52133b158d94f448892a3d1a0a5a0043

SHA1
78c73fdb24ad28f364f1bb6ede0a82bc2f3bb8ce

SHA256
5244acfa8ab2b5458353117a40340f7a3a0901f2581356f6338441a03f6d81fe

SHA512
15dfd40501f56cc007952d32fe9b12cce288e0fde578a9dfdaea16c994859a007e11a9bec21951dd084d2b0aa76013e09c28620ed1b2bd7fe647fdff7df2ecad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
bdbacf7bb38c0e5abbf636ba354381b2

SHA1
04b47a9c263d04aa981bd5549969eefc7719efb8

SHA256
f284cd0dc58a4f73344935551967e84a62ed6ba08378c2ee9f1f9804ab89e183

SHA512
03fccf4fa9418def75c3b8e266b15d76ec25891b351127b25300257dd333c6e477045356ac3e6b03687f35659d6d2f92f98de406393c0da22026d4a500b4626a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579c5f.TMP

Filesize
48B

MD5
bfa7e08fa6374c3f18831df5a9bb3253

SHA1
a71633d99da54b9f3738608f806c367a47fb6573

SHA256
fb8ddc017b2947c6a64935a01db4a7d630c578a1466cb3efe2e349989aba63f9

SHA512
8988fa14553e1322d4c88355ab7b8a6cd5378b0d274b9f0e0f8d5891243ca8d9145c3a642f044f271f5aff17b3b9cf6d79ceffdcd074977f280cfc812528ba84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
f6d7cbd1a74dc0c2e12469418cde5c53

SHA1
57781886c9949ba2bb3761fe4462099739b05164

SHA256
f2d5f5a1f0508879f46389e4bce7937d104d90946198e58b1553c0bb35f4b9f1

SHA512
3b490db876d20083d2d3d6a931e67a943768c67737e9f711b4794c8505f64bc4ff137d34c5a9ea9a8012638123943904d91eeecc24b987aa75b70ef09adf74a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9d081d6268ca8d20ab648e9651583fd8

SHA1
fc0ac939441620049a27ccf179e369c1aaeb96b6

SHA256
54d04bb0a513e53d3577592385034a367d07fc9f1b1e45f5b846c0dad5ff46cd

SHA512
a9618f90fb1b0456d585ccc33cda83913f89a5218c98c186b719044d268e5e618c6bb51a0587aab0e175fbe4ff0283e6b87f83656a2232dade2eb4840dfc9f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
28a2222bb9833511cdcf784eb2015952

SHA1
a884b8efc07621ac76fc1cd6d58ae93559448061

SHA256
7fda745f7c34a8ba24cc3f492853d4d83d84c595403c39d1dc7456a3807bdc89

SHA512
837d2de0294ffb3816041a11221ad7cc86963fe4c5a61acbfee015ed4d0fb1a8fba825c13c7ec9588f77b972958b066c48c75637f5e661b14998f0f97f481d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b04b3bd7cfdeeab9a5991aa9ba95049

SHA1
305e72173670d402dc0084216474f9cf900bf3fe

SHA256
5b505830ac64e595cfe7284d9da382e98a428f48a2909c7fec128180ca40c969

SHA512
ff8277de67b7ffedcf1c31d2ad8f19158fd861e566f31a5ea9063d7b5fee5008ab982acbb1856c0bba44626140d2fa83ce42bf15157eef545572d6f7555a3f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f7481d1ee146141735759c15a07f725

SHA1
2b3855590344852bcbf108150003d21b5a93b53b

SHA256
b3e3624c9bf2522a9c3c4e70beb9bc4fb288565a6554a852a3d5294f3ea4cfa6

SHA512
faa38b9b6bdd1faf811eb7fffecc8b6d1b86707d350976ec841f9415335a66f7d070d98eaefab68db2eec889e111f94597ee9014da0c3567a2b6b2a58fe40e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d14c6a7023832c063f40784dccc76bb8

SHA1
2dcc1669bee2d78cda0422a1a12a5156781058ec

SHA256
e650aaa767eb5d1abb8c50e638a8e3aadfc51684a702dd7daec854572834051e

SHA512
0b43a44e3ecc7753248e0fa6ec1c3e4d815bea3ac233dd058768f9987a32a376d2c5a84a8860bdb02858010299db506c00c58328f5cc596ef480a08b54e6e503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7546ff0c7e58cb89610ff33d19ffaf3e

SHA1
3247505f9b3280c0dd3717dbc2cb3b6bffea4716

SHA256
304a7aefe87588b2a0a2417bc99f75da8998b7a027931e120e27d59cc3f8e3dd

SHA512
03756e18234c9a51bdac37a6a0b4ecdbc54e024119817da6e29cf059fdcccdd8ed85c9df18102e156062e848f41647dc5a8e21790056d5ad3abc8c8dcf16856c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f41ba73cb9bd4913f8e3350d7ffa3b73

SHA1
f89183ab80a5b8a7a9cd14624f039be79cfff536

SHA256
d9262f3f7d349da84ebefa3c36ddc649ea28cde59e2a3685ad20a647e64bae5a

SHA512
7b69030f43b7d6ad75ab583cc0551cb26ba624a8d0d3031a42d5af37b41cf9a258ee49a6977440d219d09a1ea44deed0180715a8cf5badbd9359a126335f2e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
605ac76f4f7c456251f2d7bec9ecb221

SHA1
95ac0ec007d5e6d8e72658aa0982590a7b4aca70

SHA256
cece56a3182c501ab6e798a2fcb2fe995abdf7cf9cf259a393fbcc973e8cd340

SHA512
a5068f980e7715ef87a55208af0dc44f39ed38f36d16140415409a27d9034dd6ad92a4b9a1d03aa9fe23fbf12d6ee9474c5a657664a174fff8bdfb213d6d6b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f03a96d60ba6905c26fcdc40090153a

SHA1
dab7cb7254374d8cb2de3ab72f459576d6a6797f

SHA256
bba8d7ba962eb3228e62fcac76ccde06cabbf4faeab25ef58c80fdf8170911da

SHA512
7fbdacb95c34c0bc5d6fb93431d898fa9841ea1a07ac76b4c411f1c62e336b59a6e047f90c676c188abc95d434305cc310e69ec586b67ca87707cce29597953d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc6e893a593be81a8b94c91db5876f8f

SHA1
386edf3f1a8ea0a89c06746c9aab96f8b040e24c

SHA256
a54e5190b620071ed8697a79302451173dfca605953b60a817eb514525b154ea

SHA512
933b149968895fdd21f9aa0ecf9ff5de541aa1b9c53377d0f7b7b1f04338417d04933e12b2ec2efaf7af9b13d80d7a3aac704966241bd2a3f24157d0c0336312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578a2f.TMP

Filesize
875B

MD5
6766cd9be5e0e477ce5cf39c04e19977

SHA1
833818095247419b7dd7339b099176ad31b15c3a

SHA256
b3bf6ab6d5e23b266508b4d2c830b161d12a39e0f15eb12d3e3f6ed7c455c058

SHA512
3a1c7ea686c7fcabf9e36526b2733acac6eab54584fa0d36392574bb1e00b70c4d30bfad4ba03578c3a0396eb3289032eb11bbace013d85d2dab18773a691ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37d3d210d9819f8daee5701ed7d0601a

SHA1
a7d1b83d5df97d0240323b6280049165ea7c7057

SHA256
e5974632cb92a3a2470a528b59f1d0488680f832058266733b2059b9699a6110

SHA512
2ce17d710236c591a1f0300b0e9c605ff387a5bb6a97baaf4579637eedf19bdebac726f8d6b3cc40b3e13b99785dfb2898ac36dd9dbc46479f4f8cd8fef26a28

Download Submit