hxxps://forms[.]office[.]com/e/dvQthMXezF

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://forms.office.com/e/dvQthMXezF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
1328	msedge.exe
1328	msedge.exe
4968	identity_helper.exe
4968	identity_helper.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 3276	1328	msedge.exe	82
PID 1328 wrote to memory of 3276	1328	msedge.exe	82
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2020	1328	msedge.exe	83
PID 1328 wrote to memory of 2444	1328	msedge.exe	84
PID 1328 wrote to memory of 2444	1328	msedge.exe	84
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85
PID 1328 wrote to memory of 1600	1328	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://forms.office.com/e/dvQthMXezF
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e6746f8,0x7ffd7e674708,0x7ffd7e674718
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9500328915666937819,5931692270682383769,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c20ef86dd8eedb956b648f600416ae14

SHA1
e3ae3b2de9e03bccffe2ba983c650d4c216557c9

SHA256
0c15fd61b659258cf30fac0c26a6e91f5b98b3fd18abd9ab31f1e500cac2daba

SHA512
895aae34f78d0545c6c292d2e2238bd5a202659748f73e892c9948c79874921a7c58d52bd8d921c1f9b7d00bd4e39fea55657789713754237fadcb9f8c7d003c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_forms.office.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
567B

MD5
6a233c94778e10b550d9146d8ed7620c

SHA1
d7b3c650e81b3e2eb9ca57b699d953b472621d81

SHA256
840b59a64368ca85bfa10d16d50045b801bdc1faeb22d656f9f3724213b0b58c

SHA512
331ada6871f97ed9b9860cfe8592bfa4dae822a1299279be17123b796202d29595e9b08b11db59147ae78e2d3974313b84f9a58ca1998c8d74f153e0de3ca35f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13b582d1ded5f5c86c9e932e40429092

SHA1
76361577f724728cea5c67bf087715942cb4e3de

SHA256
6a174779739335d4ac77a4fea5332695d93c48e1d57754119e0cdbd58eeaea79

SHA512
7de794c012a3e32ac13d3cb66486b02a5639a7f9f978e33c840509cc769e821f41eb6810a21c7f6f9e6e908b8d0f4054edcb06b736644c0e8798dd45a851f1f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a78232f794ce26cbaded82720dce86d

SHA1
68ece7701807bed7cf27fc4572f7cc3257dd1ee4

SHA256
581d0054a068e34d971b3d2418eef186b665cfc7909b19bcdd98557e943c62fd

SHA512
be14e09aee4120a7207092e056f81fa5eb6ae776ae03132f554f0be2f69035083b6ad34b40fb3066d4512a51bb7b52f31e45ddbe3507f11facf8355df80f3cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\0dd0d161-4c45-4357-889d-1a3bc272f650\index-dir\the-real-index

Filesize
72B

MD5
b7da65493a9cb5c4f0d33544b6bb6db6

SHA1
23286beb4720a3b8c48c25ae6004862280e9f76e

SHA256
189317eec02fbf3c64356b51383e3d04edd8cee2573f0ea4ced76e9177d2a69f

SHA512
4a7bdc9fcbb60bfa5cc3d8b71abc855947d1d88d485aa8f2553b6b20f4aec7653e2e6991412e43c77ec6ab0168408d125762ec5992aad5a69301c768aebcb94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\0dd0d161-4c45-4357-889d-1a3bc272f650\index-dir\the-real-index~RFe579c6f.TMP

Filesize
48B

MD5
e014fbab15830fe33edeabc4026aac8e

SHA1
072a76b74817299ff9b5ffcb79705feee3cc3672

SHA256
bdc81b07cf07a5ec305e34659620c740a43faa968c3bbe861993331340398d13

SHA512
579cbbb10041904abf21fe6e91edf4daa10ae7e1d78958eb8bc3bd99c30e079a13007143daa947e91af0a20a2d2c93b9a44fff4637a4464e1219df194121b3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\b9d5c799-f1ec-460b-a2bf-55dd85828f2b\index-dir\the-real-index

Filesize
72B

MD5
85d0643cd7428c1ac6024215801ab3d9

SHA1
3bacf4d726a40eca9652256d6a3299f0cf2b1073

SHA256
1153240e38e3b111e6e41e9fdab085f5a46aee09410af987d93ed5b516320774

SHA512
febb07af2226198e70429e24171887a7faa2f9cdd1e3cee6892ca07988f2b47c57addd908b4fabe5554025b3dd28e80961f38076dbfb49618acce3eb34270569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\b9d5c799-f1ec-460b-a2bf-55dd85828f2b\index-dir\the-real-index~RFe579eb1.TMP

Filesize
48B

MD5
180c052d7a33087268464374366b218b

SHA1
4f55975688f6507a27b6ac2506274456230698ad

SHA256
487c541b35ff9862d35c68fb60f13263857089795ac6a28a562e1ce9cbe2a3b5

SHA512
c209267eade31a902dc04ddd84ef585157f33ba7e8b4244e4a4f598511465e87c86f5f975a0e2bdcf317f31f611225db0e78852bf278f5f709599b9883fa967b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
155B

MD5
8c12ff967079a7ef677f7b3eb8f55641

SHA1
642ab9801cdf184f961c4dfc7d8fe5c5acfef874

SHA256
01a403e4af1fa43bbdd5fdafb706339337915e3ce26359db0d1b49ddbf7e0733

SHA512
67ea5b20b2fddbe36d7c9e07b31fa8177169d41a173b3d1c5e42ed0552a06d42983047508584c6ae8e1fb645403afbde46fb1e23acfc9ed6b9a886891bbb7e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
92B

MD5
9d4cbcd47a4480581d45c11de11f757c

SHA1
83b8fef03afd058a921ade476333f69583918e35

SHA256
f5348736b951a42ed3ae9ed64f3e8a9e259c9803407958d9e4796f3a259915c4

SHA512
7a8a676ef94459d0533d8053fc03ea1ff77730f25fed46f61a17fcb7a644399d00a32d02ff3f771ac3cd6a09197b9538401980e74bdae6a6583062fc6e06e3ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
150B

MD5
0611e5495c3fd53aacbbe4e42f9fb462

SHA1
8405ba3ed432ad36a50a555b8d35d540cb03bfe7

SHA256
02e0f5dfe823d5fed5c0a24207217e3070cd7d8e25f55b4320b7d0aae1d85a99

SHA512
7048a15cd88685ff65812a1d2561238009a973b1a6c725cc6bf9aac61ef51765778944bf847a9a950bb869c32b3b78ea6f304d23621da27d8d1e17647d989888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
66d0766285a451bc6eb3d80053d1b6bc

SHA1
f111352958ead1146e28dc7973ac6013bb3cc9bc

SHA256
266ac943717904006c874f537cb8f77569d7a4957782a4a2d89cadebdb6dd16c

SHA512
9da7c2881c119355d40fefe3b636dde46c621c890118e5dbcd0885b31247e39aad1ad324536b2e308a0acef072311dd39aba05938ee222b22dd9f56531808d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579c21.TMP

Filesize
48B

MD5
b4bf9a7b6e4f6bdafa96b42baf1ec331

SHA1
714ac2de460e67e77c03b821231910af060d7677

SHA256
2c74c4096b57532e3a9e7812d659403d8bce55a78574951a701ca82fd5c8cdc1

SHA512
3f3fd4bdfba657671246f13af45b4829ccc1f3de39096fcba42aa00d3658f6f8e3b8b1efe3042fdbf726375a937fcc8ad44f9797f64b68dda53dc76f42403d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
36050443c3ed26c9a2bfff926cdeda70

SHA1
e0d64e61861abfc3fa5ce3e54f7a863676ea6976

SHA256
25e06dde024f38f5ad004f7bac8f12090c2b5b3687405b2100bdb951f9b0b7a9

SHA512
781dd6e3d77321bbb7647c97607071432714d2e2315f340e5509c1eee169b9bdcfcd1cd04adf7c2eb81d7470563c3dac458cbc0e66f392f480b569e674bf1786

Download Submit