hxxps://homeservelbc-my[.]sharepoint[.]com/[:]b[:]/p/rhart/EQZ3uDoOu-9Jrl9tfJsT7DwBVWBgOllUR8wZAZK-tM9HIg?e=CfT5dG&xsdata=MDV8MDJ8YmVub2l0LmNvcnRlekBtYW51dGFuLmNvbXxiMzA0N2VhMTNhY2Y0ZmE5ZWZmNDA4ZGNhYjM2ZmE1NHwyZGZiZDAxZTk0NTA0NjU5OThmMzk5YTU1ZTAyMjg3NnwwfDB8NjM4NTczNDk5ODUwNzEzMzY0fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=OG5GS3RpdHJ1TjhYdWN1Nmtpc2FRb0J0VnBLMjR1NEpwSmtybnBwY0hRZz0%3d

Analysis

max time kernel
54s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2024, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://homeservelbc-my.sharepoint.com/:b:/p/rhart/EQZ3uDoOu-9Jrl9tfJsT7DwBVWBgOllUR8wZAZK-tM9HIg?e=CfT5dG&xsdata=MDV8MDJ8YmVub2l0LmNvcnRlekBtYW51dGFuLmNvbXxiMzA0N2VhMTNhY2Y0ZmE5ZWZmNDA4ZGNhYjM2ZmE1NHwyZGZiZDAxZTk0NTA0NjU5OThmMzk5YTU1ZTAyMjg3NnwwfDB8NjM4NTczNDk5ODUwNzEzMzY0fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=OG5GS3RpdHJ1TjhYdWN1Nmtpc2FRb0J0VnBLMjR1NEpwSmtybnBwY0hRZz0%3d

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
3352	msedge.exe
3352	msedge.exe
4464	identity_helper.exe
4464	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 1056	3352	msedge.exe	84
PID 3352 wrote to memory of 1056	3352	msedge.exe	84
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 3444	3352	msedge.exe	86
PID 3352 wrote to memory of 4388	3352	msedge.exe	87
PID 3352 wrote to memory of 4388	3352	msedge.exe	87
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88
PID 3352 wrote to memory of 3408	3352	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://homeservelbc-my.sharepoint.com/:b:/p/rhart/EQZ3uDoOu-9Jrl9tfJsT7DwBVWBgOllUR8wZAZK-tM9HIg?e=CfT5dG&xsdata=MDV8MDJ8YmVub2l0LmNvcnRlekBtYW51dGFuLmNvbXxiMzA0N2VhMTNhY2Y0ZmE5ZWZmNDA4ZGNhYjM2ZmE1NHwyZGZiZDAxZTk0NTA0NjU5OThmMzk5YTU1ZTAyMjg3NnwwfDB8NjM4NTczNDk5ODUwNzEzMzY0fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=OG5GS3RpdHJ1TjhYdWN1Nmtpc2FRb0J0VnBLMjR1NEpwSmtybnBwY0hRZz0%3d
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3e6046f8,0x7ffc3e604708,0x7ffc3e604718
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11582335226243967515,83028091189875099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
c40088b4df9d3238d1e8311cb2aacbda

SHA1
b77af0ffb02024ec39d0232730a7be13aa57c5d3

SHA256
c4d82220a615dbd771262ddb27e629dd39baf621aed2421c100c3df147281219

SHA512
426d8241329913ea4745d399c64ca740ce5e17a033725ee74f09cf782defa491fe0436b91316efb6f3d65a2f7e95c0a13c9bf9f88722edd6446baff70c80eab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a0cee594083253165460fc21e531e70c

SHA1
6aa0ececdde0663e7465128bc517924089eb19df

SHA256
631b8fcb0f90d34658da48b2223d13bd3db3a29e6cda5c1da4ffdd6b2734dfd1

SHA512
52ab8cbfb73d4898aa6368f3da580ab59cb352f394b95d8ee8182f751a220ae95c25103416db212910d3c878e7d4f69216b1700efcdf33a956bf3a4f50c80915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81b5d1f50667877add6b585f1ba1528f

SHA1
fe43f16c61c92e00e0f46a35cdaeeaf990e29146

SHA256
5b26df0402d1d9f4cf2a5d1cc3c52df47d90270984661fcb5d2bd96e0b6edb67

SHA512
a2585fb0775f250e38328e6999cb13cfeb2b0088ca14bd31cb60071a94d40da6069cde690183a3eb60fb849fa78737e20d61db18c73efd355f2936aa0bc70675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bb5b8d9d7b00333812b03bbddb9c830

SHA1
1f45e25561fee292cde464bf9fca0c3dbcf2a4ab

SHA256
0c8303d69869fc35dbb508ac87c8cb9097aae90c4909bff030ce1d8607c92a50

SHA512
9c23a2babc07d5ccfe8beef32ce662f54e0a513cd40c67a01a862fc28b9926996a009b0ac27067aa0703581a9ce961effa6207123a51156f072f54c6ac57efad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1f519e7c8b95c33ba2159fff135f548186eeea4f\index.txt

Filesize
105B

MD5
12f47183dd3a705fea430cadb2f1bf77

SHA1
abc7e990de2f517fb06e8c58af3c1aae100a423d

SHA256
057da73352eef11f2912c600614c93cbb381299856de3a67688cc4ee5c16dc69

SHA512
cb61ec58e86f36d1b846758001a699de399f4cb3a2b6ef4f7d8bb8cbaab128b5de0d7354f1447fff477d78e2c3eec9825a1c794613b135f67b1f39f61bb66952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1f519e7c8b95c33ba2159fff135f548186eeea4f\index.txt~RFe5805e7.TMP

Filesize
112B

MD5
0478b4489c9fb6973f608e864fa90d77

SHA1
9e07da16d6ce47d95914a1f2b869edf6669ed3c6

SHA256
061b6b2f9e7bf6c876f4f8caccd37169ec6ad1acb3fc1a5b18abfbaf4e3af96d

SHA512
a0be9622fea6f2b2fd00bbe59a47ecef9ffa2676bc903d330887c30d351fd17a5d7fdfe5c543e6ec3e9887e74571b1283151c345c19afbfd94d9e58a96afc462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
ab7412a874a445e18902faaaf5b19f48

SHA1
55f4aab16b01b24642050e3c29cac456eda8e244

SHA256
b34eee8d0e53622b6312a05c815d5523a87d8f1b0a26c49b2edcb6c0eaebde3c

SHA512
ee5a93da1716a526ba21431cdf332a09f9827a8b6631d1a15e451eb6889c11b93478fe7efbfe3a6a57199faa278a647458f3114d663bbc09b182455934f4e266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5805a8.TMP

Filesize
48B

MD5
47b721e7c6453fc4e9e21259f826de2e

SHA1
3bed016a1609b0b3a93b364306aea52f437b47a0

SHA256
b2b4442933b3fef999a0ce708ef97f495ba6701bbd04b95cb5b03713519d8a4a

SHA512
831e45ccc0e8b38ce644060afe08bcfbfd3a5d38dec661fee36990924ef0fb4abdc28bab750d4c2b1e3aa23a6d9aae79a877998e26b23c8c06c496a1d31cb7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
b37201afba5560bb3ab6e037963768a7

SHA1
a91d71ecda453f32afdc66eb97210c69e74cd4a9

SHA256
9ffc80c8938fc1878c513e8d8a1ee4aabd72c3abc09d86d3422c967c7be52030

SHA512
905d37ddba23203053a08cfd902c6ce8ab325d4cdd7e08f9dd746e132c8941ca6976b0095973786e1bcb13b08a52690bfed3ffe854f0fba5160f1619d762bf04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
774dc563f05e67cc876f6227a2421757

SHA1
6c57c677de150532fe390d578754842267e233f1

SHA256
4dd9ca20e7255027977445d52709f4ccd03219dda48fb1f4713a335dbb4ebf8f

SHA512
10df107224abcd104d9b9aed8113b1d262232b3d05df3668d3ecd045c2fb572b3442a82d75b17bc97f9f881620a9b07a42c28eaabfaf11f3553ee12e330bb2fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
7f2a6908eceeefd4bfc58f4c99c5f273

SHA1
c2518987bb2651f87e8bc0f15dceb924954deb5c

SHA256
b66d143b07b2618023f2176189142d7c00f7a5120711d0697b95966893e1fbfb

SHA512
dacc889be50ea5fc2c177631e2df8bfedbd9847f8fe6a2205ebff2b795ddf81abc46fa1f42a43b1c49478ea8daf20f8e726506d7f564750afd36768798fc3134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ff3c2207190582423d1e104a8fd289c8

SHA1
fbfe4e79a91135e225261f5082328a309aed4620

SHA256
b75ae856a8b8d094b12ae6e829066e495669e89a8578238dce3d7c40818b5773

SHA512
1ebe26aacc52654a26e3a01f7dfa97a7960194880e16691a63ee90dd019351568833a7388b0db6f2451a6a09cd84c819faa5cf77dd6fc38b0f81423bbd368229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ebf6.TMP

Filesize
705B

MD5
fbe4c3f5c7004c6112e23bd696eb2c8a

SHA1
dda2936b6df5e341cb1225dd50b2285d155a0fe2

SHA256
34902f4b4ad7b2c82898ca698751682884fd18b64ffb37c067cdd01b2188cd64

SHA512
843e38bfb5bd0513baf1eaf66a0996d8315c95b2b588d62a8d998665d702984cf4d31413d1b804317570ec0456d7cad0b72eb1f3402af4e187fb42fe5096f7f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4044862b8f69d6754508bddccab8debc

SHA1
dd4da6eeec6b94bf45522a11ba715e0a5e231ffb

SHA256
bb2438cbea42e8e2f2fef346740b3440230cf2237aa1c9b07c84311d4221c853

SHA512
e039b364bba86c4b65fa9564ddb5c9ac7ddeea99c41d866bf5c7f8da87e8b4240673e681f5343f9b98b87410e20a9aa71814d33f92d40cb63809b883b963b3d0

Download Submit