hxxps://forms[.]office[.]com/Pages/ShareFormPage[.]aspx?id=iTARqgAd5UqV7QMdokx8z5JQ4K3tn3VMnOw2L2-4Y1tUQlBZRUwwMDJDTVVDNVg2VVBNWUNUQ0FaVy4u&sharetoken=jHiWQPbDuqavzgIp6iDB

Resubmissions

26-01-2025 23:42

250126-3p7hjs1jen 5

26-01-2025 20:40

250126-zgal3asqf1 5

Analysis

max time kernel
145s
max time network
135s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26-01-2025 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://forms.office.com/Pages/ShareFormPage.aspx?id=iTARqgAd5UqV7QMdokx8z5JQ4K3tn3VMnOw2L2-4Y1tUQlBZRUwwMDJDTVVDNVg2VVBNWUNUQ0FaVy4u&sharetoken=jHiWQPbDuqavzgIp6iDB

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
232	msedge.exe
232	msedge.exe
4896	msedge.exe
4896	msedge.exe
3004	identity_helper.exe
3004	identity_helper.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 4956	232	msedge.exe	77
PID 232 wrote to memory of 4956	232	msedge.exe	77
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 5892	232	msedge.exe	78
PID 232 wrote to memory of 4532	232	msedge.exe	79
PID 232 wrote to memory of 4532	232	msedge.exe	79
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://forms.office.com/Pages/ShareFormPage.aspx?id=iTARqgAd5UqV7QMdokx8z5JQ4K3tn3VMnOw2L2-4Y1tUQlBZRUwwMDJDTVVDNVg2VVBNWUNUQ0FaVy4u&sharetoken=jHiWQPbDuqavzgIp6iDB
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36cd3cb8,0x7ffb36cd3cc8,0x7ffb36cd3cd8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17225069650147863122,913817848270808899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
be029284b34a909964d4f3fc2a357202

SHA1
1c3bff3dc7e34f7d1d9aa15e8bfe212f597368f8

SHA256
a13a5a67c1ecf75da7776f966e0bcd818364426d556ae51bd9adad383209ab27

SHA512
81228b06c90b9ceb3d20e99987efcac3cbd0cc1f50a97b97636ed5daec1e71c72124da13e87f78dc85779f7598944dff085e435e661bbb22cf8c98b3e03f485a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
491B

MD5
980a18433b3a5bef0058645ef3838cf8

SHA1
34494a1a41a9b4d39564142c8cfe9f5036d79820

SHA256
100e0f7bd0aeaded01ddd6677a76278130285f3d073462ae0d4298405169b5d0

SHA512
9fcc9a79c1d5c3afee09686ad3e2eecdc999a528d58f1a69c61eb0a4f4aaa8a658a64561bbb9fcb8fdee4b2f71c7a9dd3b4d56da04d856998114ab753cc7e511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ebcc5a102b18683d5f9170b51d56476

SHA1
a37317575f8070969066b2eb65957396cbf97b6a

SHA256
2a3867e056411748349250b8321c132c0d135e2f50b09557c30ee1902bc58641

SHA512
60c9b01026eed6f8082a6e359f97608a03978c852122b7e059f7e434cc9a8e959b66cc3c8a3849b609e02518137b058b9c392c5fccd26545135149550af27418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43c78f4d2bb842b40435e25f62789001

SHA1
1ff194368b043042eda6f23d844941b8575df974

SHA256
eaed61a0da51022258535dd392e613b0a42b3ebe375a455282287ba6a2cfe97d

SHA512
78766f5f2136162a13ab7cbcb3805b126197e1b0e7270f599cdf8d4e6a80443111706d2b2c5ad12ff240b4f91e38ba1333cdc6df64774a613fec29559fc6084d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\8e786dd5-352e-4ae1-a84c-eaea9e9b1a33\index-dir\the-real-index

Filesize
72B

MD5
046834cacae65f3ffbe5f00e011277b0

SHA1
fb825deeebfb98f3a472dbe282a1f753825c8da0

SHA256
939205d5ddf1887b0904db93e1dd77e9ff19b4709e57209dafcb0ffda390a90f

SHA512
98d5e7829c7eec8b9389a7fdaa54d5e9d19c03654a923caad8967ca873d00eff87b28c197da0d808fae192dcc0cb72c79603f7eef69df6da256b077ccfee2e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\8e786dd5-352e-4ae1-a84c-eaea9e9b1a33\index-dir\the-real-index~RFe57f77f.TMP

Filesize
48B

MD5
ffc94f736dddfda292a748dbb160b6de

SHA1
7f93e36c894daecec73de138e240af392b6fbf64

SHA256
33f4698deaa056279e6b9c70c8b05edbeebc4860a64f91f58cddf3a84d3655c0

SHA512
9625e87c7dddcf1ae5014962b32d34bd47ba51ed363dc5dec78db18827b89ba0f0530257039fdb62d051763916d7fafd0ca705f0ca052d605166e5ed0d7924a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
92B

MD5
2326efadbb20c11f11e64881b292ab92

SHA1
6443d6bb648acc35d5f655d55dce6877716d872c

SHA256
095cb114868226bc89d4237debb1fe7976ee619dd77f58474f0ef66ea89280ee

SHA512
9d6e1d6e607cc42e69a5fdd00336f391c5d7c673403b5c6e818a0a9a6ab18150bd33cb6685de217b75a28959769ae87a3ee278a29efb59d6608787d6f3008f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
86B

MD5
c3d6371078ae0a428589a4240238defd

SHA1
b9d8c7246927af521934f5a2d9411638bd946cad

SHA256
61c57e2e9a95243f7ffc44de0da65c7de9f06ce230f71321f09438a0ca257b2a

SHA512
3f0ceed02a2e40232a30a495b1b7e27fadb142578416bebcfc52f108e0c0107fa68149c11655ba8bb519654b90551365eba7778ee1439d895c40a53436dcb820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
54c89bb21a444eb783a188e6f487b01b

SHA1
f80780d3821fe49b4ba8a19a158f3c2b8c1c1629

SHA256
3b72ac58ef88e4cc99036c41584f2067a1e8cefb50f639869b968abaa68d23c7

SHA512
52a55853d9df4299178745e250b6293e2bb827ddfb500197746a2300f434ceb821ea49127d1f7735cb954983ae969631ca2ea038df19a5f5e33868ee1034fe56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f702.TMP

Filesize
48B

MD5
f54cc1d237c79d4c734588d837a53248

SHA1
3883beaf356fe1bff9f00c83970b1067d7bcc5b9

SHA256
691edf016d84222f27aa06c22c63e780e96857d8d7078f5f4d61f025ffff6aa3

SHA512
3c42efe962a94c352a07c11c9cdc09d970cc0291649728fc9789e7d259b45221e3b478eea87bd7dc22c6d8e40b7a2c5bdfe54eec93272c8f0b1d763a0dcf427b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f222e36e2cf91b5daf25632842e9157f

SHA1
db101b1fd9f1d791cc0742c4909940d69605b83b

SHA256
dadd89609f44da9c39e95c06a41c4387528a51e27229b8da2b9f3683f4d2e5d3

SHA512
6ef65c4e6c291cb9147e4ce8efb8949a39f7a1639ff8034944444ca22d3b72d38a18943cc70314efa5c04a1e943d99bd546a564c8e8f09fc396718ec7f7cd387

Download Submit