hxxp://portal[.]ofice[.]com

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://portal.ofice.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4456	msedge.exe
4456	msedge.exe
1700	msedge.exe
1700	msedge.exe
3188	identity_helper.exe
3188	identity_helper.exe
5788	msedge.exe
5788	msedge.exe
5788	msedge.exe
5788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1700 wrote to memory of 4384	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 4384	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 1624	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 4456	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 4456	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe
PID 1700 wrote to memory of 3720	1700	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://portal.ofice.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718
2⤵
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
2⤵
PID:3720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
2⤵
PID:2876

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
2⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
2⤵
PID:4128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
2⤵
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
2⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
2⤵
PID:5408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
2⤵
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
2⤵
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
2⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16695965031920955198,17179776812975762303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
fdeb4e37f04ae4ecc0ee294c93f643b2

SHA1
23be8d9ad7cf1bcca9895eede5aafae7a882abcd

SHA256
941629bccfc0f030c98ccd3cf1e9c97b5e37f53685da6530af776152b2d38e23

SHA512
2638e204ba69f86c6aa594050c77f8255af3f868c567075030fb4ee1971300463fe7ba057ce42993023e84ee0b927712c81a3eac7a7f264f7ea277d1fdfa47ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
7d6c20bfe6b93fba74db990e195587e4

SHA1
06c5f323a878ac8be5bdb8d5a37531991b6d76be

SHA256
0d4ef2548fc3814e1a46d07ba4d8d1618d297e07dd31fecac129e644af24471b

SHA512
fa6762ef47fb92656a97289b52801c1f00d8529641d16bd87a0339c129aa159e1994635d0153e20dc71458cb81f4f8a6db0424c41b080f375f0b39ddcc5c63d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
15c7113b82b6bdf6f64637d332243610

SHA1
86aa14bd59189022a73904fb4fbe1c85a805ca1c

SHA256
57057c73cb872f8c7a234ba1cafc0267e2ddf5c1151d544e18bb9c780978ec78

SHA512
add7ec4910ca1e4c18d333bf36f16c988737929a881d6c6430e659238102defa58971963ef39fd64f47aaae862b159e30b952b435e92e2ff8034df0af38cf99d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
fe8dd7b4729d555e945f76ffeea4600f

SHA1
22301152aa8efdf5a3e48c8585f8571bc024a0b4

SHA256
73b36e2e1f2f869b0556e26ad390803cf34d7acdb54b8b626f0e2d7bdb2b2ade

SHA512
7659adbe16e5a23edd001e1c07c9c30fc5cfd61d5eb042f488044f928e5d1a24d222b274e4052cff85ab05bd271b495f542af5c2fa0c88c2ae0329e2879dc55b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0004940ea3327b985d243583295e3d61

SHA1
8d9cd88d2f67d70a46ff68feb12096c9ee5a4a2e

SHA256
783cc6559fd5be2cb9744975757c65cfb0b9baa795700f23c8bef1b37ae16b04

SHA512
06d6bfce7e29a448a84606e2a6bdc0aa3cf8551dffe5b543b3da1553041572341d182f8599de2997bbdef6d2ec89b46f60e6be1a1eb63ef2a073d61054f29db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\0e029adf-3ac5-4834-b429-cd798bacab52\index-dir\the-real-index
Filesize
72B

MD5
77c50ef8d0c3d3e3f1b94b459efc0d64

SHA1
3a206b8a6397a9ea2596b5dcc2f5ce6a13582a20

SHA256
35a2356d9fa7be2b04db058729e9cdf7d3262146081a32b9d7b832beecd05a04

SHA512
345de6073f86f908a8b93e8cd1f8bb2540c90a95d1653066e56a506d17cd62d737a780905b7d6718ae30ee79bcc90201c6a08447a52cfda5b2033f2313cc5a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\0e029adf-3ac5-4834-b429-cd798bacab52\index-dir\the-real-index~RFe58051c.TMP
Filesize
48B

MD5
51693bea283dcd1419e6dfd5aac6688a

SHA1
dc150e2dcffd8fbe93597794f513a27e4ac19219

SHA256
9351789360a5f1be68f0f88a73fa6dd28c8abe6156b783979a57ee2459a3b3ba

SHA512
ce101fa2728a3edcdd4f532e8d3c1e4a8c4493fddac5065ef83d2a3f5cf71bb411e2e636138fd80048f0db9c6362183ad8c7b257bd3b6bed9260b83b0b566d7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\0e96fa35-9d83-419d-98bf-df315b28b174\index-dir\the-real-index
Filesize
72B

MD5
66cf7468d310f92b1531143d39f54027

SHA1
524c55144171be4fcfa218b9c54c05d9ba684008

SHA256
2a3da4714cb427c4f6b8ef2007809e36f43d9832f9fa669f4112ede57110f8f6

SHA512
88a8293a3a87ea5ff181548a85451595147f34c1f55681a97395d797a83a03b968f26b888e7a2dff3b1d6468163be7eeaa1fd166f61171bc1e4a03f4f9f04241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\0e96fa35-9d83-419d-98bf-df315b28b174\index-dir\the-real-index~RFe57f9f0.TMP
Filesize
48B

MD5
7ba342714e16fd06233410223246b9a9

SHA1
42673c55d8c09cb0b16fd78b1c1b860640bc1f1a

SHA256
85919459707588967f60c27d20eea6686745c8c9bc7d14bf1478ee1bf077e676

SHA512
aaa67f328579ef896906e504cb2da34839d94788ef039915590cd1f18d1742ecc8cc3eab1cb30fd84b487928f0ebef5ac7d1b93ddd72d11607ffb28568d601ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\353f0bc5-54a2-40ea-a44a-6e2355045880\index-dir\the-real-index
Filesize
72B

MD5
f9e0e734111c533d7e3f9a4f6198c3ca

SHA1
7f3f7dec1942e6d24bc69a94f5baab8c62305c19

SHA256
7107f854f1b364dfa025f25bee9556bbe6e6e5bd826c62c3b02294088c835757

SHA512
9c3b4a977eff85283acce50ad7622ac3945d4a33f51476a4bcf036b1df363414f3ee77b5fa17db48073454080fb663b025ea25143cc1e9cede7c2c1b1cb85cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\353f0bc5-54a2-40ea-a44a-6e2355045880\index-dir\the-real-index~RFe57fd9a.TMP
Filesize
48B

MD5
afd59ca7ff05c39ff5a96287e300994c

SHA1
82a90489af571b0e6ca305658433082c8f303153

SHA256
e59c30890f7451855f1a6b3c09d0a616c9e33ba2402b4de13b17d5973bd4c2cd

SHA512
287f817ed4590032f60e142fc4d934867bd82e1eb746b2c696e9e13bc33823637c443d783e147d9e791186902684f5bb0891d67842dac0a97ad88ee12c47cb71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\973fa7f7-b40c-4770-bc74-d84206a73c12\index-dir\the-real-index
Filesize
72B

MD5
8fe6e98db4fd494ca75166a2a6af180c

SHA1
e587f65b64f2e1c2e57057f924e5b5bd3be3aeaf

SHA256
b7ae65bd0194ee8bfc0b53df6afc2bfc89b5ab1dafc63d3ed7c46cd2a25513fc

SHA512
37796ca7ebcea5d1bdfe88fda30c52eb3d17f606683a26e45c975368a334b4bbda94ccc849a97865a55d5389d737ced1faeb9523376968335a4c8391d2bbc204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\973fa7f7-b40c-4770-bc74-d84206a73c12\index-dir\the-real-index~RFe57fdc9.TMP
Filesize
48B

MD5
6a4969c746554a8650ce1d0aa40bf8d8

SHA1
4e84584beba104d5347bbdc080bc980d4d92a1a0

SHA256
954e30f757e90014e0d05b1f0c9d3741c1dda8e3f32ad23b00102c5f5fcb04cf

SHA512
e78f8f9245529ab183a34d81fb77a5c9b3f8c8dd1b89581694dd0461e89e17be65df7d7ae8109118069189ac8fd88ce36698a0496a76404dcd2521e6e6b14f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\cff607cd-5ea9-42d0-b854-9f0c05593bb3\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\df373a33-2af9-48f2-a58d-d3ab7c6ec15e\index-dir\the-real-index
Filesize
72B

MD5
7ab68051738686bab283e9660b6294a2

SHA1
fc04a36a85f47114e7eda501027fbc8c4cc2cc74

SHA256
424032d386c98f42ea7d0fb05b4a81a7ef516af906f7b04192a5a70160be3a6b

SHA512
f061a29be582c522eaf1d4cbfe994455ffd58393f450b2dc212a67901bf575cc1c0d35c7179f27201b63ef47b8ad000951c61d30dc614a87dd4aa2b444b48a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\df373a33-2af9-48f2-a58d-d3ab7c6ec15e\index-dir\the-real-index~RFe57fa7d.TMP
Filesize
48B

MD5
c1b74fc97a65257d8a8ec5876a5328eb

SHA1
6ea7d20cb01c24620f2f45964796b686cf9acfdc

SHA256
1e44d12f361976a8452188ed3cad00711dd64cde12528083751269c2b9f9c35d

SHA512
3c5d45f3e6cbda0633e9c73a019986301acea5a6ac41d90aea90722973a04fb96c70cdd22ed079cb174070f17d64a793f2d1308d6ac9d7ca5b040b01a824b296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\index.txt
Filesize
114B

MD5
2bd909bb1e8e7a598292036bbff80450

SHA1
a4101a214b483f646aed2a69b1bbec9467b29add

SHA256
95aa6ad363b9a4774aa0bfd8324c64833976e523a1fa239e00de04bb9972e715

SHA512
c10051efb62ace72b6a9535e8c466e91d10393f5f9831bf1c3cfcda1326e1860fb0c0afb9a401bea2c081f582ef6c61e27ca4074a16f79b82f7da7020df08274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\index.txt
Filesize
192B

MD5
d6c1f76eca19c6a9d86693be25936a36

SHA1
57f094117d95fb0f201f098d28f70425d0d9ec46

SHA256
bbba5c11c0c5105941a15279d8010acbc363efb013a5cd30fd3320453fdf3206

SHA512
a4425e5e06fdc59f933f71e2b75268986b9f70d7d3abb8602532ab28f7665abf296f095d826df4c8f36567d423eae75e7627b3312ee21fefa376e55fd61c407b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\index.txt
Filesize
250B

MD5
08a7409169aff82635695d89be7252f7

SHA1
60deb570d44801503a17db581c18c5d24b21af1d

SHA256
245c239020730d06781c2afe0c493b334a322d2e4de3e8689e46578a78c6b77e

SHA512
5521845e421b50621f808675cbdbbf11ad0570cee7613791bbaa097987c01e63e9be839a0ed651728b15e8e89c160a6f0c79b60768a40f4524bf1f8d29cd1e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\index.txt
Filesize
323B

MD5
c8f10f75c0339e7744ec4534588e18c2

SHA1
62aedf7f288bb9d6da72853c65a86e37ec9c863b

SHA256
5e33f0c6a94c9a06069c1a83d8c41a8873cc9dd7f3332eb474d97b891e5e2f15

SHA512
3717be6c584e45e9058179cf4a15ec4fb1b5c8eabc8d3d6c56977d111d8a64c3d809cc7e755853c17bc5036cca85ab820bd3e080120fa1dac486d65bb306996b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\index.txt
Filesize
377B

MD5
04db12680000b991f9e5552d62c882fd

SHA1
c31a4399727f11c97d941cbdd38d1bf09c5befa6

SHA256
8698377652a5fe360d939f7f164fa0121f16ebb0430fcddf6bf9b0fa8237d1fa

SHA512
f18144f1d38309e5965217984e6eb936d0cfb392dca1a0b4e70daf408d6d2abb0b4205170fd52fd1c3305512de984461ee7710809e45a384d407db1cabe9d5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\index.txt
Filesize
441B

MD5
2c7a929d8ced6c28472f69fac4795a41

SHA1
98215dd071fe9393bbe6382cafb0b0cd2ca71468

SHA256
374e46ef93298f1b7b936de5a33abc789fb4fcb6a61412b8a0fd7ee2ac3dabbf

SHA512
602dcf26bc75ef0dfb28a0ad8d301a021fd37ffdf03ae6437ed70944f6467743db2075cf1e92b4192c335f76ee2fa7487c9cfa41b5d1c7f03cd6ee37e52118ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\index.txt
Filesize
499B

MD5
eddbc7d153ea5639ed4e10e52a177663

SHA1
213633110cfe556dc03567f1b00a039844ccfd54

SHA256
edcf3562327df1ac3a54b8e90c6f785df25f771d1582ded11dd257759649ccc7

SHA512
1f39128f93d9c4373b617dac975ee6504b3d6153b619d333d15cfd9ffa8eaaf16c37f041b723b608840720f1f8d0facaf86983ca5b27856a177fb961c10acab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\index.txt
Filesize
554B

MD5
9434f63d3da0a3b735465739140254c6

SHA1
b32fca32149407b502da7ed9f503776c6a789e4b

SHA256
36dff38b01b901ff276729c4ec587f77e16d96b84e99754466e0f4ddae8bda43

SHA512
5207de1dbdb11677d7ba9b366ee8ee0620c3070bc59b6722e5808a221265b0425a5d543a9ad222bf36c1d7dc68e50265f78eedb0d272a197119c382afcc79ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\index.txt
Filesize
613B

MD5
658fbc0c160817c2d47ba8e6e7c50129

SHA1
f708b5eef7a6490641e6e00d13be7fcc738cc5f8

SHA256
501e708dd2a4a0f16878b370321a4be851c2c08bc622045f61ebf0b687fb41c3

SHA512
bf3f1a156d8224c2b184a7b5d2419355f5c4176242dc1801dd5171954a00314d6d451c1f5cc73d66ea55620358d296e42ce5c441d18eb8859295b60cea44507b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc196b01a383165399e1c420ef679a1b0c32a67f\index.txt
Filesize
607B

MD5
4541e41a547ec67dc0251d639855ff1a

SHA1
085244bdebaf43acda1974dd4a6b284a03be9649

SHA256
07fadbcc0baa32bc1dfedc456a9bee296176eb1f0e80a27558ef4df3cd1c0256

SHA512
020695f83fc2b35d79aa9015ab69d2314c0be1c850332a5bc142aac82291d19e240225c072f909c3ad4a0a4a8738c71ac7b9f898e3543c00c1c5ef2f2f15b783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
e1a6d489d5154fb95c4804cb08a460ac

SHA1
b30dc5c6714d8a0db465323f86d3cd27b3afda04

SHA256
1f8c2e2ba46950a17a24b6f883296c0c89bf32f37a86dd6cb250f591a3cae500

SHA512
05a3a0ca2fb412462c41fea12a5a14c8974eaa08d44bfa3dad97d7ef5ffa881d665bd447a9bce403bd7a4c8b269b42d9a4a7bc52f66ac0e907559f264832f480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d8eb.TMP
Filesize
3KB

MD5
81d3d61a3918591713ac4e706d6e2ebe

SHA1
2fcc61e1e88c06963b68717fe537dfe1e437ccfc

SHA256
47a7c9cb9aef8d712f67714204d27b904c8d0d0f7de6e499b12eadedae70a8ac

SHA512
9849f4fda17be13ea2e41482c71b931d18e00c1b3e4f94fdf979dc32609d33022b6f0d8fabe64569c40426728a875acc4694935369081a0f78d0662a9d36f75e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ffb331bb49b420dcefd783ac94e5ccb9

SHA1
c8d00ed15f12487ffb1a242d22f4ea635902b82c

SHA256
ed579a3878584b2329e3842b3fdea388b03e0f5ecc74a666ae983605441471dc

SHA512
0a4102a15f0a2b4dbe5f60f79cbc2c27c0933af2437e9a1d9fe143af4fbdae95c84d35578506fb18fd062e170b5910bd62864d65e13e516431a561733039b19e

Download Submit
\??\pipe\LOCAL\crashpad_1700_STDJJULMZVKWPYNY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit