hxxps://forms[.]office[.]com/e/i4nJGKrKtT?origin=lprLink

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://forms.office.com/e/i4nJGKrKtT?origin=lprLink

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
3380	msedge.exe
3380	msedge.exe
3884	identity_helper.exe
3884	identity_helper.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3380 wrote to memory of 3016	3380	msedge.exe	84
PID 3380 wrote to memory of 3016	3380	msedge.exe	84
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 1264	3380	msedge.exe	85
PID 3380 wrote to memory of 4628	3380	msedge.exe	86
PID 3380 wrote to memory of 4628	3380	msedge.exe	86
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87
PID 3380 wrote to memory of 1100	3380	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://forms.office.com/e/i4nJGKrKtT?origin=lprLink
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc36446f8,0x7ffbc3644708,0x7ffbc3644718
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2008 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,9847347819649334500,16759949329360505169,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d10a6c1a55a8b3614eae81a8d05bcb55

SHA1
57a71cd766b17d21b4e20965fff2b914bbea2280

SHA256
ec7bca90238468a63cc505533f4b8fdf72738c088f780cf977375b0cc637caa1

SHA512
ed9bf8450d52be63b86fe2549c3030a1539f14ff4b8f1d2f93ed128c883bf8f49f41a3974556c3a35446fa7f7fd329edefe30106e19d492ef6ff17dcc723b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
567B

MD5
6a233c94778e10b550d9146d8ed7620c

SHA1
d7b3c650e81b3e2eb9ca57b699d953b472621d81

SHA256
840b59a64368ca85bfa10d16d50045b801bdc1faeb22d656f9f3724213b0b58c

SHA512
331ada6871f97ed9b9860cfe8592bfa4dae822a1299279be17123b796202d29595e9b08b11db59147ae78e2d3974313b84f9a58ca1998c8d74f153e0de3ca35f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08dc6bc0374a15bb6d02894e0c7880ae

SHA1
5756930f4a46391c304ae6bdaf9469db696c07d7

SHA256
62da5fc1bb6928d3b594b83dcbe4d150e26a13de4af6c90b3abe19a900d2e633

SHA512
e4c8d9bfff485ce62f1d0c8456b4f055e4c570ebe19bb81e955acb6a4ba96f78033e07df794ec5d02a24cc9ac696b8ab6fc1a16694960858ed3779113a38d8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6605a8a737442c507e5bae0ba23a8549

SHA1
bbbb2bc90a73e79f497439adfc842feb564853f8

SHA256
6ef2180028bf6909038f5d57bf8288afe87ac528da963d9ff38085b487781b57

SHA512
9cca5b75a949dc9a82b2a7a0314776b639ec920c70952af9c901309137d5899d571e2d9db591e1ca846a59842cd265bdc84ebe69f4d5709498908fc55e012c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d46f6c7a1c3ee425c45cc2fb3f0e9128

SHA1
f5398aa80bf74d7164b8b825557fabf15245610b

SHA256
dc21ced4316688e0c07f16fb058ad6f5f7d696bc9677bf8c79241d8fd65ab5a0

SHA512
6f7e024adab7e119ee53d43de39172c1c74667816ac56ae2b440e21f8e47d944e8daed1f0ebaccb9d595bf4b4816ba1749b8558010f9773f430821280709bc2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\2d5a5a93-98d9-4bd7-9fe3-5a0c820a6fd9\index-dir\the-real-index

Filesize
72B

MD5
38648c201ad233af3fc3e598e1546aa4

SHA1
5da500170c39c5c99b8a506ac13f2ac134062b6a

SHA256
42be98026a221a8228aca30db02010ce005a467ba1dada86d8b137d7d9186318

SHA512
4fc3d38538ef90cd082a931a502e730c8de75128ab40ba46c4df2b2a5aabe71af86c5f0b93c9bbb8640786b94abe4726d572aa8a0164c6a02ba53e2810be76b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\2d5a5a93-98d9-4bd7-9fe3-5a0c820a6fd9\index-dir\the-real-index~RFe582229.TMP

Filesize
48B

MD5
a63dba1ebf14769c4238a45374d8c614

SHA1
6b590b00801f9c324f6f6e76e7fa726ff9754868

SHA256
a90bb1ceeea7327ad6227d8ef00a5cdbdec80db8277d91093b7393ad07081b0a

SHA512
533f09b0386aae7cb0235fc9f4c243e5210b8778eef719e7cfae78e2c50778457dc423c3ca5b5474246a4cb51ca22898ba611284b8b130e42ea2ec93dae48921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
92B

MD5
3b4071ffbda3cd0e0f3bceb4d75873c2

SHA1
59dd27af87de0bb679b06c7fc5af1715ff094ad4

SHA256
608b9cdffe62cfe6c7050dcf3f662a16d8e5979e897eb7a9fb2d6182e72a011c

SHA512
b1748f261ad0a5aaee83727382c8d86d4a3cb90483ae45f9e5a973ea51b4ec813f01042b3d77acb395a7438b971517485d742eb3a504f44f32229f6e3a5995fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
86B

MD5
48d9fd515e5546a34ebd06ea53959935

SHA1
30e69e0791b82d92401da0ee5cf36c17c5b840a7

SHA256
2fa17cda2c173bea4685b62e34f5188263cba15dc373ed1ac37010758a07e0f7

SHA512
9ddc6fb8f4ce794b6c28441ff25bbf878885bf3f481df5a3ac9059724ecc5f95a6fa44849ab9d8d6fe730c8e81da0d0376372874d350cdcd4a1d9970b94b2db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
05ae184b9f688df88109a7148df5222d

SHA1
0bf63fc288284c37f9a50be9f71e1f0449334a28

SHA256
938b49a1b255fe71381c450df9d65fd1a520de6390ae09eb865048ddbc5ee6b1

SHA512
1e4f3cd824f0fd973574d1960ca5adea383767f1788db9218e2e5071f2762f5c8344a1d690b7d007e41b6d39a5d7635d2b275143f1e27be8c9ee07a4a8919d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5821db.TMP

Filesize
48B

MD5
3e5f31e88504e4e01eeb958bdf68b350

SHA1
029c3bdc6a1f86a26b2016d0c7ab404851917553

SHA256
3f4dfd0fd0e0d5694c1ce54ea16ecc6034fde8c3b3c548aa62ab8f8cfa66df71

SHA512
78216547c9faafde0b665b03297df03611309b2fb10832603acdd45f6f0bbf1681497804fbdada4a42ea4ffb6612c38e88c9e9740343cccb4c76191d4971951e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
822d663a12a33f3b1bda45b98be55a98

SHA1
44cfa160ab79b583ed433988c9edcc2a87b3e9b6

SHA256
8be1ca7cc7a66705c7dc236c215e022362d721d5534343182459176249d5dd7d

SHA512
9cc9fa17164da22eb6ad245ea62c2035afd9fd46960fb2cb5e27abf705257782af9247afe361e30d8472194d3be0893ed4b4de8ffa8ef4c77d463d05d9d82088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c0f9.TMP

Filesize
534B

MD5
d21acac0f17634ec8978d8c12f1b09b6

SHA1
f35751e560315f678555d7b25d126b2541410638

SHA256
4852e90a35d37c8f5162858812c91ef5c20bd53afefc7705d0379cc3a9f70185

SHA512
50001dd79618a85ab603005d40260fe1834fa1e2dfa696ea889d6dec179f76f7bab83678226c9362705a26b19806fde640b3618a3da8d62a9fc8ec56b746c4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91b4db9defbd9972e20cd74439ca93f2

SHA1
568c3c52c7a76dde1679ec7a21315401c2e9ae9c

SHA256
9b2148b274bc3275c7ed23d7c6e7ffedef5c151a647200831b31176d0123faad

SHA512
bfe4e569606814ada7e8275834de3e1421f50ae133fde2cfba469ebb1b7bcbe9fb6b383bc67337e57e056444665ce9c0ad750d102ebf2a2d07605eb28e7ec7d5

Download Submit