hxxps://url[.]uk[.]m[.]mimecastprotect[.]com/s/5XAZCYWQDsPA86Ms0fVCxY7fC?domain=pwtnz-my[.]sharepoint[.]com

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.uk.m.mimecastprotect.com/s/5XAZCYWQDsPA86Ms0fVCxY7fC?domain=pwtnz-my.sharepoint.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1144	msedge.exe
1144	msedge.exe
1364	msedge.exe
1364	msedge.exe
5016	identity_helper.exe
5016	identity_helper.exe
5656	msedge.exe
5656	msedge.exe
5656	msedge.exe
5656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 4860	1364	msedge.exe	83
PID 1364 wrote to memory of 4860	1364	msedge.exe	83
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 3992	1364	msedge.exe	84
PID 1364 wrote to memory of 1144	1364	msedge.exe	85
PID 1364 wrote to memory of 1144	1364	msedge.exe	85
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86
PID 1364 wrote to memory of 3940	1364	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url.uk.m.mimecastprotect.com/s/5XAZCYWQDsPA86Ms0fVCxY7fC?domain=pwtnz-my.sharepoint.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaba0546f8,0x7ffaba054708,0x7ffaba054718
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10660871077253004774,2376377490626256074,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5224 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
38KB

MD5
492cb02957326e2818ed96699b899626

SHA1
1037efe8d29183e92262be13dd6d3923495202f2

SHA256
b808634d585b148a964065345b382dbfe1e713bec430b208532221d8556073ec

SHA512
82582d0f377037588d5a31b8254013e116bdb5adc7b8ab38da2f929ea87a03636f791a40964006016545405b3a749ee5437665b7bf8748d469ecaef39b450b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

Filesize
21KB

MD5
3121eb7b90aafbd79004290988d25744

SHA1
5584f1beb7b9e8ca11833035c9962b3ddd54f904

SHA256
6dbe807b8da91d549a49beec3330d795601ec0f272ea232e91121f3ed703dfe4

SHA512
ed25bf0b7c12742a7b71bc271364970508fb03a5096f42eedc360ce92205af5be0ac4eb0567585882d34629d179f9cab287839247c81f61d894360a83b28aaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a4909b91c2726915fbf314d51e5c4938

SHA1
8821ed1a9bb502b24cd7dee2b5eabaee5306369a

SHA256
c38df4f1863f380beb86b941d1b17572803e8a382f4e0c6809b17901575b2b94

SHA512
84520966246fdf10b25876eb365034410d062ba4bbeebb1245e126350a131a687c7d012aa7bd5a631ac932a24fcb55bddc6f907f4af23b3d9e798726dd9e0e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
72598050115b5bc37f414c6688cc6b18

SHA1
ee48c929520afc2cc644302ec24f17d396492489

SHA256
5fa26ad3e21fce179e31efd223b48c1beea139bb3c43cf61abd4f05dd48c7f0d

SHA512
92ebffd790ac28139c994c0cd28477eb3cb7dec14cb78cbb4e143a8fd07a5923e44bfbff2a1cc355f19a685c67f1e41b50a1caf026c2223333df270b60f96a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
959B

MD5
0744d1b6c2c51ca68c758f7eecdff477

SHA1
ff70b6f819ca9a2b791952e89e810a623ab041cf

SHA256
d5d7d46bf7f20cacf5ff564be475a89eb09c6662aa4a9b299894cb4e473a53a7

SHA512
4e1143545135759acfa6e03ca40c12b51087757e371da29c018706a9678b532d52771064ba6f5aff2213685e74ca5f6092476cbf9b1e10deca5064b3268d2ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3db7010b5c71f8b4276b24a2e53acf7b

SHA1
af0677d61b0be673edfdd26652cd083827e650b8

SHA256
852e0b0bd3d60ac08d83cfef1a4e18b6a558bd6a98569960397d48118334ade4

SHA512
34c61e4bf2e91529103381eb86d73f8007236c3b90c18b3af77fd6292e845be20f375a027290b1b77dbcfd2c17383fc81409fd2b18042354d3f5468abf9a8961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ccbbccb05bd40691128e127fe38e05e

SHA1
f92f592f9b8079aa91c5b815a84b90b7f7af79f4

SHA256
198fa51ff30dd11d4cbee01a957ccf7101ea7545dcb8147609d6199a8b831047

SHA512
d879fa7f8abcc398402a947551b65799e87e261509c0a7fd2b5dfe44f5fa3fea173f98ea6b9441535ce1a88f1d9c3004a5dad829d0aa6494ee27e042f7644113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d358b4cc2fb969caac35c902054d092d97e79ebc\7c5b4ec5-51a2-4ce4-bf1b-cfadbb3a75eb\index-dir\the-real-index

Filesize
17KB

MD5
559beef3cac27b89ff60cdce9fe1b060

SHA1
72e0885e730f532b1b9c2c0e031e9fe63d5b65de

SHA256
5828211899373d53afc7dc658824ab79b43ffea2353c33fa7c57d27aecbab9a0

SHA512
4c43a8ae388db16273a115a56a812fc5d4f0c3c84f85a4ee31b068f1cdd4315ace63040a526994703ac7b2c132e70792112d6e1fe40210483efb9b1fee3628ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d358b4cc2fb969caac35c902054d092d97e79ebc\7c5b4ec5-51a2-4ce4-bf1b-cfadbb3a75eb\index-dir\the-real-index~RFe58176b.TMP

Filesize
48B

MD5
c0bd46b4a87aca46e36f0fcfdc2bafee

SHA1
d146900f65a2a80537b2f3692b6281d95ef2b49e

SHA256
7311dda353537d3a533556c7c25033e9cb1169b0260a95cfea8185073be58667

SHA512
02d52c54df7ec2585f8748e9baec99f0497e4325853314cda919cd6a2a509f98a0a9da21166c4c48f29896fe0d0b2a525924fa17283f44941515d8fa045cb7ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d358b4cc2fb969caac35c902054d092d97e79ebc\7c5b4ec5-51a2-4ce4-bf1b-cfadbb3a75eb\todelete_7a48c130a6a40c0e_0_2

Filesize
142KB

MD5
1bc456e84fb4c097f406dde47f62b7bc

SHA1
553365c4312ce9d0f194563868b018612dc20a53

SHA256
5a4bb1446d8793bd28a80dcfcfacc83d49120b64bf1b719c9766fc1955ac8ab6

SHA512
2cc9e3bc4e8791124863f631646dd70d321642c2341136bc16de9d38809cc40fba82af300c9e062b022b1aa314fa7c1ff2fc516e065aa450d64ff4e481a11494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d358b4cc2fb969caac35c902054d092d97e79ebc\7c5b4ec5-51a2-4ce4-bf1b-cfadbb3a75eb\todelete_7a48c130a6a40c0e_1_2

Filesize
288KB

MD5
ca49bfc747e85bdd8d936393bc20caf0

SHA1
edbbde3652c01b681f36694c85cbc23f2fe28550

SHA256
82b44220bbc831de0a0c554c2bda281a5a1d268823d042cd63909919567c31b2

SHA512
9d69dc9480e17fa346300cb2ffe3beb61c375b22bf2d6c75084255658b2cb93a1bf0ca4e657724eb9b40e5dbaf0b693bbaa07754d9af1ee6726501796e1e82f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d358b4cc2fb969caac35c902054d092d97e79ebc\7e7f6830-4d27-4668-9cd9-da6af9103969\index-dir\the-real-index

Filesize
768B

MD5
b4def0c58617b5a6350794e6883e72bb

SHA1
2f595d82e6b729b4dccca03bdde572a19c5b311f

SHA256
c2be0e369bd753a700e0f7d55980e7e4a224d599e98ecee9b3099acb585e37c8

SHA512
d08b7222f8e6a012bb2d81bdd8418a8082807e3b6773d3862cd01f288972041fb9bddb22fa8ac41aa4706319a7b42eec1375e04a6350bbac2cbc39f9b2117d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d358b4cc2fb969caac35c902054d092d97e79ebc\7e7f6830-4d27-4668-9cd9-da6af9103969\index-dir\the-real-index~RFe581865.TMP

Filesize
48B

MD5
7c3b3ef18d5db844485bc8496b32fe23

SHA1
b8267e5410a5e262b5e6bea4fb5b56158b0f1dd9

SHA256
42924cfe58dd9600b6c0ffa9dc214b73627c0a2f85433161605a68b19734c93b

SHA512
33aa926cdbeed0fe467b4ee0de5909251fec9187f91b34e83c02ec8900aa124f3fe04758162e194b24af29f241858ba185ad20f8e4c1d1c064a081e50596755f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d358b4cc2fb969caac35c902054d092d97e79ebc\index.txt

Filesize
175B

MD5
1a69dac5a4dbe877e7ecb77864d2f42f

SHA1
953341d72a2c6f8c07397efd5dd4291dad3f9dd7

SHA256
1fb138999ff90af321869d411850d7507034a80827814c19f218e35349118a1b

SHA512
7cc0e61919291dca9981a4c74f31139d0490737bd664972a517f2772f83bbfe316ced0009cc4fefe45eb0fe3b98262ff3c670c3316f82d7da2fdf50849d837f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d358b4cc2fb969caac35c902054d092d97e79ebc\index.txt

Filesize
171B

MD5
13f05a5e33c2f14c7200821b21f7eb82

SHA1
89c546ab35d0298c6835abfbb718b4fc60885b38

SHA256
e36c245baf5497815d92533f2684f1c7aa8f273b32676a8b60dd355686e32496

SHA512
200f99b2730be8c26d78d9090d46b28bfa7395c8beee53e4f1b82d6bc084718674750411d3da6226ddb4ebf45a89eb295bdf1419bc2b38b40ef1afa2e802d01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d358b4cc2fb969caac35c902054d092d97e79ebc\index.txt~RFe57c294.TMP

Filesize
104B

MD5
02383f0c8b85ccedb5438b2f4e1c7a34

SHA1
85bab22163452d1d871d2df4059f7754fd420195

SHA256
559ee66075c16f7646897a21a5f10673d478bfc4d04fd7ee64ca99fd3651ae9e

SHA512
4bac896957c7426980a571a74ab7478252bf179c50d60fde6dd9ab164faf19d6ace7cb10e5c71470c7ff59c28a5c20b609243a1fb525459ab92484639f26150e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
737787b5271c9f0741cf4f1e891e9f46

SHA1
da204759ef1b9f6910639da721d716cceb96aac4

SHA256
2d32acfe47cfb54f4bc9ae10daffde6493c7ffafb43679e7b588a4c1c7ca1473

SHA512
5e62203018569880ac6d4d76979a7467b07790052d7f12112bb506f56206ce5f111fbdb2a47a9f98a6356f35c26ac105c529588367a66b038b8954d09bbc8521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d0ec.TMP

Filesize
48B

MD5
644118fad54a3f3343c08f90e1258c04

SHA1
68ebef64bacbe35687bc304f7fe6aecd67c4783a

SHA256
21253f84e1d37e51670cb7f549c6eb1bc695266d2c31692a22533b6b458e5806

SHA512
da000c1a02688b160ec9b280e029b8e7be4c501312a21804a9c7438a10e862a08dffb7978dbc29a500595844d6ec7d1bcd0344e0cb557e942ffba653de599d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1a7b86df62b94c648eb8a86210d84e8

SHA1
e1f43139c7311614edc00d8d314af95896419a9e

SHA256
2c600050f6c381b1f93a24b269a5da5f8d287077e81d8bf1098e6a8adb7e3e4c

SHA512
220f286c35998feb488ec753e76ea6dad2f9e82398c0422eedda08e53ddd40e9d1d4d4cc890c51f514d94175fef8c3924ece65236a6d90e534c665b80cda5577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc49249486e166520025bc4df9c42593

SHA1
2185afe477230eb1d9f8d6bb22c994c179fe8bd0

SHA256
7ec35af9741c27291038b9012a20d8d6edf1eef8c1e5981df21ba0ce31ac12f9

SHA512
e983c49a5caddd84b240eb989ef209000e74121af2fa3ca101a2e7bfb2e6d65678fe57cc0f7f7d1438e34e02a2a67e4f6dfc35d0826948c736c9d6df0bdb6564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf1a.TMP

Filesize
1KB

MD5
e0d9f365e49ed2f2e0ae53f80d62be76

SHA1
f926ba0d5f79771a1645bee641fb39942de64a9f

SHA256
1d268fa4531be4618ada1015bf9ad543152283a90ac7e03d74d7daad03b8f69f

SHA512
029774a15e1c4739269ed0447bdd5fda821874ba5fb20473b659a34906304903864c0c1cb89fa47c909fefb226316b3e97ea6d69a5a8ebebfaa6b9c341921e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
943134c33c407cdffeee745353778003

SHA1
7a5b799afd4cd1e42d9ca19f0cab74ced092dfb1

SHA256
9e69acd06441644fe228e7cb1dadc12dae5d9edcaadf33df0128edb7b9cd600e

SHA512
9e6f21c0993d2a99431726fc4e8520dd20f820a9c5ec1c68e9ee6bec53f08fca5ca405e17b5a19c43223c1a7fc2f9a69f78933898c18bc6cba9e110a48fbf9f2

Download Submit