hxxps://forms[.]office[.]com/Pages/ShareFormPage[.]aspx?id=atlxJ-ZfTkmpiBz5GOrQZra6YH8IF9tJvDnK9FEosBRUNUoySTNMSlhENTkyTjRFS0pYUFBWREJDVS4u&sharetoken=VjI7W44Fh45blPkj2SeD

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://forms.office.com/Pages/ShareFormPage.aspx?id=atlxJ-ZfTkmpiBz5GOrQZra6YH8IF9tJvDnK9FEosBRUNUoySTNMSlhENTkyTjRFS0pYUFBWREJDVS4u&sharetoken=VjI7W44Fh45blPkj2SeD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2792	msedge.exe
2792	msedge.exe
2676	msedge.exe
2676	msedge.exe
3012	identity_helper.exe
3012	identity_helper.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 3204	2676	msedge.exe	82
PID 2676 wrote to memory of 3204	2676	msedge.exe	82
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 4444	2676	msedge.exe	83
PID 2676 wrote to memory of 2792	2676	msedge.exe	84
PID 2676 wrote to memory of 2792	2676	msedge.exe	84
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85
PID 2676 wrote to memory of 1304	2676	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://forms.office.com/Pages/ShareFormPage.aspx?id=atlxJ-ZfTkmpiBz5GOrQZra6YH8IF9tJvDnK9FEosBRUNUoySTNMSlhENTkyTjRFS0pYUFBWREJDVS4u&sharetoken=VjI7W44Fh45blPkj2SeD
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8b5d46f8,0x7ffa8b5d4708,0x7ffa8b5d4718
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2999344797330773226,16240410822745460932,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
162f7cdb763c04d8d80cae7882ffac84

SHA1
3b4a24b7a49cafdd8be2e1415269989607985647

SHA256
619779ae11c62e250731cc2dbd6d96c388b3732d4db41b6d4ed8935c74fdf302

SHA512
5fddd7e96473f5bc99c9fa58257d7a72537dfd6a0747eef814005f49d2714de9073676074395b2f10147d05c9a12a50db489ef55697caa5626cabb18b4faef4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
c7bf2013c4dea6702d1ac7482ce04461

SHA1
4b34d10e9f6300cead2b5493e9d8b65d3b6bd894

SHA256
d5c541f83e9e2748e44d3ebd5b155c8799c3958c54cfdb2eb88ff65646d4a8c6

SHA512
6f8b9797393062640630aa491c5a95c17f6911bb2c55af748d60894eb66e14152610bc84446a33d57ab9a81381be303b36abc7626282cdc86c2952317bd162e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c431417e33fd24b2af51ecff851a2e48

SHA1
448d41111abd899034055a39a40409e69b01c7b8

SHA256
5aeb1aaa3e347bdc9819b3e996504f2b73c7f4809b7ee43aa6c0b7344f66e715

SHA512
f7248ef9401f11b1d22373a6872fac91d57589e8128210caeacba15d869bbb0e6dd620a772e00d6b89c07040934f1e1117eaed68b42318a5ccc414a4552e5648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
346f7d20fa3c8b25381fbf4880c649cb

SHA1
9f96ea0458f905e129961e07adb9834b77f5b2f0

SHA256
ceda0e026ccbe6463790dffd87f42c1d2739ee3c138f61b9377f29a64d0d5ae4

SHA512
026bb72c466d87dd94f0e33d287726e8c4389ad020633e2a05f22cda82cec3f28926728c5fd945f2ac3b0f06994165926b08425c31b0fd913a197dab174280d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d79726ffd371d3c4863e5ce0f170d018

SHA1
65f5a3a8fb9fead0e003fc93b902efc2ae226f31

SHA256
c297c80eb1741080634283769b4fe370f45c47fe8be67a1f2628aa444dbec8c8

SHA512
ca941a2dee08cf06b74ba3d3d38c1e063c1fecb9c977ae4cef587e46c93f3b4b98e04811c019d87f115d433b2aa2d6de4f13cd3063977a49ea398c4a0c6eac6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b11eda0fd3fd19e56f6cbda74045aee4

SHA1
9a2a9cef4f81fd3e20a3e1ae41115e38218c52cc

SHA256
c2e13b87d120e104fa140da885a7793f7f8409b27fa27e6b89c585011307d5ac

SHA512
15828fb621835f2d5a6f969783f36c9d8813ca5cac941addc7f53791d429549128ceb225c8d42001886be3fb2c4a05bf0d422b43eeae32975224bbb7885757fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\4fafde88-d3a9-40c9-b8af-f54baf296d07\index-dir\the-real-index

Filesize
72B

MD5
3d067f060ccceb2698c6bdb7ed64cae2

SHA1
52603df4ea5cb6e1f2c1a804075b40eb232e8728

SHA256
050b26e82e13e4466ad0699de50987cb8e80cfc9a5abc63ca611e34a1fd9fdfb

SHA512
927c2344cc06fbe5d2c2e9b25a908a745d13ecac9e899a2f9f4d3195e83e98d6b74804033d2b16aae3665db28dac8b71bd8b9d72716a8b546941b26486b8bd14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\4fafde88-d3a9-40c9-b8af-f54baf296d07\index-dir\the-real-index~RFe57dd7f.TMP

Filesize
48B

MD5
efede6b30deb2623c0bd80709237fde8

SHA1
f92ddfbe1a6c97f3e4931b9244b1a0c9e03adf9e

SHA256
89745f537d66e4b03e1c74963e2a8e5ad9f66b973b10df24d8b894b181008e3d

SHA512
bf8fa50f66981ed401d2291e89e9b735b7373af0b309fef59fddcedc82689e64b9dd02c184d0db3040849fc221799eee63e2c31cc01a7a03974643c1a159067b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
92B

MD5
be080f04af2127a7dd2a5625d9c96c70

SHA1
7fd6b1a590f39f7f7a05884e0911f1e5cfdaef52

SHA256
1c6504f75653b92c5e4297c96b71401f741e7123cbae48fdb9a6c1ce31eb5ed3

SHA512
6b51310c612085c48d396765bba259d4754929a88aa54579263b7ae2cadc9b66676ab71693fd898d8cc6fb2d8a117fe8c72d2a460f89657e05033ba6da9e99e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
86B

MD5
0f7da2fd6475e5710153dab4f5cf78cb

SHA1
ad0291912d03ad021f9300e3431a9d48f587d3f5

SHA256
51dcc8685ec1029fe3db3d03a7febc72fe0370f9c7fcb96a3441c8ca58b38a04

SHA512
fc4fa912150372d7cb42371c8e4939fc6bb4772989493db377a638c2d7de711d9314512d48e2329798cb29477e6f54591ad36237aab5a718e9eebd6a80d45cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
89a674a78de11dc85b430f1552b8b3fa

SHA1
57e51c2a355deeb751af95d65973839d2c8e01dd

SHA256
3a287929538b733f0201f0bf1ee79e098a5faf081e71f5926a4a6f25c3e0a772

SHA512
d09146d8dcf5581a49e9137865d0f7437f09f2ad858063ea54ccaacbfcd7ec42309c64fa14b04f8fed2651c88e36d5cfe8f5498ea688c718b7e9fb75b3f02329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dd21.TMP

Filesize
48B

MD5
72dc3d8ee1c3ddf3ebb5edaf9d8adaf1

SHA1
580313bd54d481f45657b8bae18151e77d407ab3

SHA256
ddc629b192e9afd9e2c1a577e5933fdef9fd93ee317b5812baf37f47c4420f29

SHA512
545dc395b71d9e7aed976ba4241dde2c666a8bb48094c4ace952bec543d2facf73147cc3bd87f8217cb7dd10edb8d73b517c477cffd6d9d49ce1dca16387a6a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c14f7933f7666249d35fb7a19ee827e

SHA1
527494519466e6b4981418b28e46eaf0ed1b98eb

SHA256
0078b1b71ca1b0b28ba362aa9fea6351f40de7f08c22cbd2859f30f7dd0119c1

SHA512
b6be026defdc9cfcddc07b8112db016459396dc66d11d1fea875bf9677c743e5e1264caf640b3bd14c5c8c0324efd98fa856c5259ed59964684932a29da6606c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a6b.TMP

Filesize
371B

MD5
466405a84bc98cf85eb77cae0cbb3eac

SHA1
768e320d7e6b3fb7d240e850159c3daa8843cde7

SHA256
f3aacc880ee2d3bb52e2c0a9cc0c9b3e18942e98130ad67ada1d91a33f59b7c4

SHA512
5dfd5c717c500e1695083cc36a1a1beba32e2a9ae6234d03d270a0411079cfc531f8b394521c2d53ad568f1299c66986a84bb9c2bda62e34b8fc3a059c1c9349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7d0f457dd48f0ee06610d7a0f6cf54ca

SHA1
e493497bae2035b43c43f20573bae86ec3b9ee08

SHA256
c7ccfd09f249d76ffac32f4b25dd1ffaea4f07b6c61c561e13d14ca2537bebf1

SHA512
1b408cf25285861dd850eba4ff8e5fdd597e0c10e275736f92b5ce0b772e70c4076c3067b0992399cfc5cd15534d518ab968b3e853758600602d4ca7389df983

Download Submit