hxxps://justiceuk[.]sharepoint[.]com/sites/HMPPS_Group_PublicSectorPrisonsCateringRetailPE/SitePages/HomeFeed[.]aspx

Analysis

max time kernel
152s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://justiceuk.sharepoint.com/sites/HMPPS_Group_PublicSectorPrisonsCateringRetailPE/SitePages/HomeFeed.aspx

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
2928	msedge.exe
2928	msedge.exe
3992	identity_helper.exe
3992	identity_helper.exe
5348	msedge.exe
5348	msedge.exe
5348	msedge.exe
5348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 1212	1776	msedge.exe	84
PID 1776 wrote to memory of 1212	1776	msedge.exe	84
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 1484	1776	msedge.exe	85
PID 1776 wrote to memory of 2928	1776	msedge.exe	86
PID 1776 wrote to memory of 2928	1776	msedge.exe	86
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87
PID 1776 wrote to memory of 3476	1776	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://justiceuk.sharepoint.com/sites/HMPPS_Group_PublicSectorPrisonsCateringRetailPE/SitePages/HomeFeed.aspx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcd146f8,0x7ff8bcd14708,0x7ff8bcd14718
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.digicert.com/CPS
  2⤵
  PID:952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcd146f8,0x7ff8bcd14708,0x7ff8bcd14718
    3⤵
    PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,8235482544299750286,10396140421368099713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
45KB

MD5
3a9f032a2768f36fdfdc817a6cf8049b

SHA1
9d13781cc80dcf64655e8e712222f44ebbf889db

SHA256
33fed58ddfca9db797465118d12f2f2baf234f072c4ef36e988a85a0a49c543e

SHA512
1197fe638e590c60d4b36624648538a03e2a4783d36d215181a3f2c7ecb6b90aa5cbb3dbabf689c1add0c2c500f1611172d3fcf09fca996c15ae1b25d5f7d634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
32KB

MD5
2e287eb418940084b921590c6e672c9e

SHA1
1fc75a9daa054ef88aaea181f3a9b4cba2b6b6e1

SHA256
6c2c58daae76131a00d1bfee20852f372cf594be7f4a8848acc42f8bf72c1bbd

SHA512
a77f69571b0f04f4a2354d9e18e41ef86f22274eaed20c02215b632bfef09c6543a83591e9db3f2b4036a9684bff666eb6a7b253ba18893500e9cd541ab752a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
4138c3e8c4db00ab3c8c75c80f063b59

SHA1
31657d73dbeb54e13f1266ee57097534b1a0f98c

SHA256
61e6079c5633f89bc68c4fc812886b8c0c54692e28c87cb952912d5795a32da4

SHA512
9b1f70a638f8bbfcf23afeb25c13c7c8db1f75a63041c917475fba31296fd25a592774bd7604b478d33eb415513e5e91ec6a4996a9df12ac58cfe7a2b735611c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
f23d015b4b2ba67aca97aea2d89f7527

SHA1
550d36bbf015db0c513820addf6a7e90f37c3574

SHA256
a48afc3ad499b00e742820e63e92f6fc3120224a0a2668eeda3597936d764d8a

SHA512
200601de1dd6212cb206babb20897c55de3d1967ed0a1b41780482bb9634a8670df6bc01e28506ff71bbe8213cf4c18ee2807ed59fd2b5dda4ba774a2b6e1abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8a094ca27d8ad8732cab3c63af91b1ac

SHA1
510da6fe6e463bf086261dd51c948dda27f47097

SHA256
4ff6da6e49fb7dee0325515665c57e2cc299130ef2ee2834508d78d57f1316aa

SHA512
fc78ad03e1158f8cd868cb3b860efe1285aa96710f5c2ec72047e43e4b37f02c3dea23e538b2cfea2718e4de2c69b2d401b328fd863676e64ae7d0a7018e250e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
37b69b0bcf79116aa598285d32102f82

SHA1
8a1b8026473d37904a7c63e8985a5f7d7a2fb897

SHA256
8b4d94c2e096dadc6a5f0c1b6839051601431919fe852315f041456c13433de4

SHA512
e3b99d7ae9107aafe19d09157dc4dee2e7609fe2e5ec00d36d696d2d89f2c970ecf4680a23214ef5f519570b68ec5aee338d83e6110dc63edae4431f1cd58442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
524B

MD5
306ef306368de03a0caa07767a883c2e

SHA1
fbaae74208d2e72ee607011127ac9c293d108e4e

SHA256
b7d8f9fc693cc92d8e9f6142e4b21ab2f9209740d6513e8afeee5e2c567a3205

SHA512
fc80fe0da3e7352c29be32b8a83c2fc5cbef98740c1754fa788cb6a89827c859a6a54242768de31cff49f3fb84784e90444ad97da68938df36936edfd9213eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b36918c1f10758bb853d3e8b301032e1

SHA1
e671f4e947355f045bb0b89e468b5862a59c1a78

SHA256
befa26dc970e0b5e7f0a1c17b1bd4c3ddb2bfa2e992acb643e5b657b0e170cfa

SHA512
e51fc5dffd39c06abf10cd38b12cd17d0ce82fce192d88bd8b14e3e5d6b6dd969a94af43f2b9cbcfa9118638f5526426dd79b70b9e540065e9f9461aeb3eda0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea6286308747575777c1744f2d693601

SHA1
47cd8948ccc101414d51876891ea47abf2f1590f

SHA256
00bd35aade4690b08beda5c2dfec0226fd6046512929bb68bbfb7cfe556d1df3

SHA512
97c0122a518008bf1d73f285c494ab9eb7cdbc3b823d02053cefc9f1ab695afbab0ca9470ea530db14d8ea6a4a81642f453fc54ed4be6df42526ebb5d44105b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b0c3d893256f4ddb2f7f4e7e8026a73f

SHA1
f73b69e9ba514e725f027a2f558f2b939842d9d2

SHA256
3c4f55bf019c539dd7675b042fa0623d9f3b14b4b6dbb98db61408b2155f0687

SHA512
ec7b4b4f1de3f398f3ece48d0af9439569a2d4556715bb9dccd2b6b9b7c48850c4919b45e26b483caf65b1137f7506f305f79bc8f6712face95f5ede7de64566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7f0e083b83cc7e9930db16dd33904a6

SHA1
a3fa8692d3320482cb0ea3bcaa67b5f3ac8946d8

SHA256
03e3807bccc66df8488983b352d57d495e7d236a968253ba5c313966c1ee7ae1

SHA512
b767fb2907a9f4f9278c67b5294c4e141e286311c4902878e6c6d7afb64204d8a14984c3e67758dfbe020dff02802d5f0ed9243ac09c4191b0ac9d72c0729cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1aff0c2f84d4454900f62a91bcc49d40

SHA1
40f90547ff0a948910181be22c81ea5f7b8b1e8a

SHA256
90b82a0bb4896510ba7671ba6392d03b56fa95102181dc5455109c02532e00ad

SHA512
730026f0510110813d4368a58ff099bacdc2f727f17878469038634ce27995e889b8737904ebf8fbf99ddbf2d0165f12cb64fcd9120b29429294e7d799e114ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
55ed33d2a8f322c16201918f3cf110b7

SHA1
0d5236cc76045aa15613926a228701943fbfb70b

SHA256
829d411072b687c4e928b1a981cccc356c2798448febc33ef500dbc4886fec0f

SHA512
bac4c1b52e198d954e53bd15b2d9ac9102bf7f19c31238c74256778ccff07ac0d5c1cd80ceaeb68fe3c5019a77d67dd3dce799af921802871ada0321444de411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5bf240ac7eaa9606fc215924f8839553

SHA1
08dc093f21a0983547e30195623d6b244e160710

SHA256
082a1f05f149b3ab1641cf7e2c9df2a237b4f8ac65b591a6662fa9d7ffe25310

SHA512
02398f13c8b226db1a287cea90f359a089508aea6a010060027d4d18ba211f0029f4e3eebc6104bf916d99186f9e9ffac696c7abcbd287a44754685b4cbe4bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e81eb6d62339b445d15722cdadc6639

SHA1
2c036279e434322df88e468b17c408178268f36f

SHA256
82d96b5b385a47440214dceb40f2b23ab4b0a0f9a1c4adef8b0829b014b7ec6e

SHA512
0c1a9a5aa7a7b1036ca847ba80414c0f5c0b67778d7ca63c20db8ee4e0e0436dee7e1f1e58f733234869faa4e849e8cc0017a556c266dea0e4a121c5121a06b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb7998edcf53320d644d1a17d2ff9c40

SHA1
f89a114d4c4f61c0292b4a0fa6416156c40d1f88

SHA256
2ff3d848d400e4c01f9e2572a92e6db5c6f4cbc44284fa25875c0080e13f52dd

SHA512
716f81616e3342e9c62b58adf62f39ac8d705801d95a2b9b475568514c1e6f2746fc3eb2ba677fbd6ec6b807c0dd96ba5b6004dc9f8a4a552644c2472dd0c64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5829c10e85901f1e772663dee4eb0b46

SHA1
0f2a8ea6e66cc7a472b01488670cb3bb38dfa29e

SHA256
5b752e5f1a147e4bceb4f97a38b14a8dc71b512ed5f871c07e56d6e994551a17

SHA512
4371202215a9bf3b9d6a43c95aba894e4513e4d5a8b2807f70122d6a51f8d0a76c4b2204232b7e7dc53ee4797c375b46b5f412488edf31558d7c5e5ce38656b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c36599da7b848d4c89e789c569284e96

SHA1
cbc1f752c56f5f1d52adaeb002aedf16896627cc

SHA256
14be89afeb4b7db80277322565e40d03f710db416ed94b350f4dc74f081fbd97

SHA512
9de40a14ea4afc5d69acabe318278716a2830313f9c173ee4caa398b9ccc34f519fb2cd0dd31cb579a13fe47f28513fecbf315d6ab7295bffc71339e7d0df581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a41b.TMP

Filesize
539B

MD5
629ed71f537cf557c79997c681074c8b

SHA1
007fa0f7103ade68c1a14bda25c31cda32b2ab14

SHA256
7437c9e95a3c7db6e9b5d8b7fd5b68ca75e067d68b3bec2669d18cd55be3cb08

SHA512
d2527515a06434db74d56ef13368ccfc8a78fa22e07401550cbe8b8e05a865584bd553eff5b43f466d3bb88d032dd7e33e875f9f6789109ed2ac5b79e28d2185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
71db51e7158bfa0fda9f11cc2a621324

SHA1
f367ae679876ea51babc03e3218424f8c72dfa0c

SHA256
b436249b6b5490126c6f766d7c5cfd8b2ca920a35b306930982d5297306145c0

SHA512
95efb0a7c624836508354e969b3dbbf0ccecda57be76eeecdfb8ac99afc058b5f77d60dd53a1744f550bf2181018f6d6d00778144c888d5d1ee4e72e83e79fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3bc50cb0a556a17d9e8dc91f7457e096

SHA1
1fde9efd2d2e7201ba0dc75dc67ee840a794d90b

SHA256
5df3ed3d951afe7769216f9a68c7ebe6ff99388bb7a2455022394a442a16b5b1

SHA512
a52bcd70ad1ebb65c217d2f56f1084b2a5a1afa11889b7811017fde6446b1ee213cf6f048a8124b7b6587ad48995aada51e8336d5918cad732c62c807a1f0bfd

Download Submit