hxxps://urlshortener-emea[.]teams[.]cloud[.]microsoft/8DCE20F7E640F8E-2-4

Analysis

max time kernel
147s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 13:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://urlshortener-emea.teams.cloud.microsoft/8DCE20F7E640F8E-2-4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4828	msedge.exe
4828	msedge.exe
2016	identity_helper.exe
2016	identity_helper.exe
5852	msedge.exe
5852	msedge.exe
5852	msedge.exe
5852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 4080	4828	msedge.exe	82
PID 4828 wrote to memory of 4080	4828	msedge.exe	82
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 544	4828	msedge.exe	83
PID 4828 wrote to memory of 4812	4828	msedge.exe	84
PID 4828 wrote to memory of 4812	4828	msedge.exe	84
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85
PID 4828 wrote to memory of 1732	4828	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://urlshortener-emea.teams.cloud.microsoft/8DCE20F7E640F8E-2-4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff974ed46f8,0x7ff974ed4708,0x7ff974ed4718
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4740437398933536020,9836759155327229453,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
2078feb337df7d612fe76ee3a87d55e6

SHA1
9427a1ce17d44cdbe56fe83956192b1a7b20e353

SHA256
f4adc69568219b695261d7ff79b12bf4841ca0cbed6f277683b25d97f54902f4

SHA512
e54108e27685c040b391feed894db1ca1ef8b26ddf4f57ab69a876e47a8c0154b60599b09e4711bb6ff1fc0cbdf65fd1acfe633f861ab8d5fc6079da6479e75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c17927de1276d0813a55fc35074df77b

SHA1
7d35260a7fbaf7f918c498fdd9c0853f789a3c5b

SHA256
eb4d46d348aecd071b7f12a135a8b23ed69da8a1e0f29492da1697215b81cb9e

SHA512
ee32e74f7fa6bd6ab334f27ed100e0e409d08e41566335bfcbc003175ca5d6fea8cba7e0ca3f2a1408a5ec55b3f4bc16b1ff77b98b9dda4d896cf1a45d862b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a8f69a22b7406ce9efb5d9bce888a015

SHA1
6f39a9319b04114ba9cbd95a0ccc37cd8e8166d8

SHA256
e671595622824e414cff2834fd369be55234fa2873eb0b90b45f3169c29e7882

SHA512
c9555ece05a5069bc9aeb3f52f86a89315ddefb707d7b3260b5c907e20f6711b5f831e1ce3a2d37194dad8a1f35501cb06c8e8b5d30197f3393df320108e025a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e49ef49d25c567eda779b4214f246198

SHA1
2ae9fcc9ddfc4e54f8c13ed4dfdaabffd7577623

SHA256
f01ef477bb7b7ad21d592bcbda6cea6354e49ca94f5ea499cb5dbc373c8d3909

SHA512
e8ea9fc565843b8cd8231e396ae276068c8058e2cba24c92eed9de7c97367e64c05719bce6ce007462b85f748561275cd1ec78e0bd5a72ae6a9d35c5a10dbff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\387c720e-9f18-4c0c-a1b1-62eb2b8ac5ba\index-dir\the-real-index

Filesize
96B

MD5
b36db70d67eddf2ce5f3bf37bc59dc5e

SHA1
7086c3bb2d97be9ace1d6e42f8897d79cf155398

SHA256
d4b6119ef2cc862f7ceb9dcf535fe42611725fdbdfbbe8577b8c9c5dcfd1b713

SHA512
d30586699bbb6d16b5632cc13047e7834f9e88aadb0add0b83880511ea95de204945ebe7caf411793582282308e1e4bc1e7e834db4601c70eb25d81c84fb7c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\387c720e-9f18-4c0c-a1b1-62eb2b8ac5ba\index-dir\the-real-index~RFe57d707.TMP

Filesize
48B

MD5
3e82a3802209b7961f5b03150f921398

SHA1
a7c7b09f464e3afeb9b14d426888f72151f23767

SHA256
4ff44b506a898da24a29f9cb15b4a829e4d78e9ab61bdfde87de82f3b121b502

SHA512
3fa8c880d5de23b6505ad6c245ba49461c5869bbaf89d846556eab37a51b4ce8e2b1068a3fa474fbd82a285127a7740903c9bcb1420862307801ffb66924c8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
109B

MD5
ee33f65f7fed1cc9b708aac96d652859

SHA1
f16366a6c0a96f0d2b295b19a14e10c3f61b2536

SHA256
6162e884ace43aee3babe29ea7ffc99dc4b2d92a8f7ae910b538edb3bff3d252

SHA512
15ebf45c223a0e69adfdc6e80f51e6e04741aec665ec996cd8a3884b84300efa2c43cf27e82acf8630e85de9250669a7d9c8742a772f230732da63f54a22b3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
103B

MD5
7ce17fbb47a01144266bfef07169c07a

SHA1
64591f07984ad5c09b4947f70788eb523d5b1fdf

SHA256
bbcd0076086d6bc1fe684fec63046b42bcaac69fa863f58f484aa4b46ebf17fa

SHA512
1b3dbb6e49bfc0fdff56ad8cd92ffeb16d5f719597211645d718260483341cc2d37a3805c3cfde81f69fdb400d06c71232b55441ab6f058e1a73834ded9bb8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2011fc33a8e8d54bdc61d87ff19dd52d

SHA1
f71d15102b08463d084bc98aa5f68dfec9df29fb

SHA256
aec7b46746ddbabb5caee324d5b72e8969c00ee9217792dc591754a9d904ba11

SHA512
e01b257816140fcce33df1aaad7fa838de90456211eb4a328ad770821fe1c82ce014e2d04c5d94351c90cefa8ffc64e017db049f8f655de5fc698a441a64ea05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eb0c.TMP

Filesize
539B

MD5
1bdbbe04d94f9a7f205537ad68299c48

SHA1
872768c2cc6b7df85dc666e7a6dfaae8156217dc

SHA256
106f4410a49421a48253e8b47136be17b7d456d7cddedf688b705f9dfdf986c4

SHA512
57798cd5def9da45a1a8dff342beaace67e054ad503ca3500191a2b48451905e1af1ba3073710f4af291e8968c582cda7dd4287d5900636c0baa0d6cc6c54492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c41a5153-32d9-4d1a-a0c9-ae93f6f4980c.tmp

Filesize
880B

MD5
181ea00318a2dad8cde464cda649676f

SHA1
2c8431af704c15c328f687f8580e43a51f9691d8

SHA256
6decc6e16bb478fe479602fe2b14c36c382f70c7ed3d5b7eaab22f6d81d28b1a

SHA512
c0c65e97d7b6b8983616b134b0658fccc04131c3def64e3d42c7f57b59822a0a2cf4cdd7c80e15a5f957461c86a3d05aadde5bd0ed21b28e7fa66e9181caafa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
07fdb8d192a4a7e2cf970237e35b80df

SHA1
9c207a32e4c54d1e002080b7fa123570f3c1fb78

SHA256
e3d5e82814f712412ff2fc2eacb943031d4d41daa94b02de91a1d31ad8617009

SHA512
7f61bf2142af6853ea2a49c1020e3e504bfa70ad215795c97a30e78ca8cf3c3875a2681b7e0a5dca7647edb6498d0a27abd544ef36d0f7033055da54e8c322af

Download Submit