hxxps://outlook[.]office365[.]com/owa/RDGlobal@trumpf[.]onmicrosoft[.]com/groupsubscription[.]ashx?source=WelcomeEmail&sourceversion=V2&action=site&GuestId=468367c0-2722-42c0-acf4-57a0342a6e25

Analysis

max time kernel
288s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 00:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://outlook.office365.com/owa/[email protected]/groupsubscription.ashx?source=WelcomeEmail&sourceversion=V2&action=site&GuestId=468367c0-2722-42c0-acf4-57a0342a6e25

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
2288	msedge.exe
2288	msedge.exe
2076	identity_helper.exe
2076	identity_helper.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 4640	2288	msedge.exe	83
PID 2288 wrote to memory of 4640	2288	msedge.exe	83
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 4744	2288	msedge.exe	84
PID 2288 wrote to memory of 3996	2288	msedge.exe	85
PID 2288 wrote to memory of 3996	2288	msedge.exe	85
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86
PID 2288 wrote to memory of 1828	2288	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://outlook.office365.com/owa/[email protected]/groupsubscription.ashx?source=WelcomeEmail&sourceversion=V2&action=site&GuestId=468367c0-2722-42c0-acf4-57a0342a6e25
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6c5646f8,0x7ffc6c564708,0x7ffc6c564718
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6890891994369671118,9265451532445792490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
  2⤵
  PID:980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
229KB

MD5
d5b56a1a93612ec24f055115553fdca7

SHA1
8a342ff402057181806197edd9b149ba4d20473b

SHA256
a78f1db2dbd32375c29ba4368beb3b9dfc5fd1952ab1a8462e300ffc9be1a9a8

SHA512
e76dcc90fd71c47ff642f70620cfeddfaf34cf77bd3f395b3a8f34c3a45e25702406bbabcd784f2b3e18e58c7287b7ad5f62f5f085d1e1945a01c389d958e2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
45KB

MD5
3a9f032a2768f36fdfdc817a6cf8049b

SHA1
9d13781cc80dcf64655e8e712222f44ebbf889db

SHA256
33fed58ddfca9db797465118d12f2f2baf234f072c4ef36e988a85a0a49c543e

SHA512
1197fe638e590c60d4b36624648538a03e2a4783d36d215181a3f2c7ecb6b90aa5cbb3dbabf689c1add0c2c500f1611172d3fcf09fca996c15ae1b25d5f7d634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
32KB

MD5
2e287eb418940084b921590c6e672c9e

SHA1
1fc75a9daa054ef88aaea181f3a9b4cba2b6b6e1

SHA256
6c2c58daae76131a00d1bfee20852f372cf594be7f4a8848acc42f8bf72c1bbd

SHA512
a77f69571b0f04f4a2354d9e18e41ef86f22274eaed20c02215b632bfef09c6543a83591e9db3f2b4036a9684bff666eb6a7b253ba18893500e9cd541ab752a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
80219fdd12f7b5092955c9baeb81be50

SHA1
38dd6f8aa3db92590eb079bc63f3e8dfca08f918

SHA256
e16d2623ed6b076de8bec7a8f7451a28a959bfe08ad9b33c5ed85e583ccd7635

SHA512
108b37c45ca188a8bf96dae05a0b51d7beab4032852a4fdf182fda7c1a6ec2eb5019b15116628063174068917fe14af30c97d29f8f9e6e2465d9808e7a39a7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
a007509aca7891786be74398bdf455a8

SHA1
29281003346a9bd0d72f6613847895755c7bed4d

SHA256
85a4fe30619f5a11c5149775da15f07f3666311ac3714137c4611fc80046d2fe

SHA512
ddd235c5630e301bef79a60f57e111970a6e29fa5130e1cb2685d23d95a2ec84726c939033901871641c9127a4e7b89cd92748d1155486ea5ae318ee82b3f947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3337dce975cfd6daece1b21237d50f68

SHA1
4ac7b6507ea4e257be40339d1a3165d0a4cb0f2e

SHA256
c2316036197b14944563b43899429317b1c90101be26e177338dc36eaa06a912

SHA512
447152ae730debcb5eba624b85a6b40566cbf4ee312ebe1b3afba0f532ffc3d9009128750f9c9f2f32025da2cdae908fe1b2f25bbbfba7046655c9e8f50c61ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
638B

MD5
449ef700b47bf403b8e2fd78311c1326

SHA1
228a4d4d09d8dee5cce1dc7528effb717e46b03b

SHA256
bf191773483db58e88bfd9338bec75fd78d6c3ff341c7f93a367c8cc03c9f929

SHA512
7ad9c00d4d55213368f581a01d77ee016926bb8707b3ed2f9addfc8ab834388652bcae470d2310f4cc7dfb5c0f9dff1e03ac0e59168c12d14a54abfee2ba3c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
120ed797b24c84204a60fc5b5f2c64b4

SHA1
737e5a798110a6b5fbf383031d03522ca95a8cdb

SHA256
7be8c5329b109ac7e1cc9a3b175fff8e9ac08f5e4cb5add2d19697a5cdb87c11

SHA512
fc43c6bb4ea37a93996fd3ee988174893d58e310a4f46d6c7e9141a5e6fc58256e7bc7c087392dbb6e697f53f356fa17edc88844cf19dd9a576e0e845e07d400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48c13c187e85195637271b32a09f452d

SHA1
a21f9c883a7b173a73475fdfe5b143b06f47ecc6

SHA256
306420d6c1ea0b8da1988cc1843337f79893c0803c6757d9eea6d1e85c1c7860

SHA512
8e584e9a9bf46cb1429f5936b9abf2a2c867b228c7f5c4180f86ef5d7fb136725bd6a68c2d89860e418736fd6e47a594d77205311ed50ec65a442fe199fb8f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9152b4a61f72199e6ebef22a571f72fc

SHA1
17448aa2e829d1c4fb796d25594e9c29eb611352

SHA256
5d9eb89dedb049be08a6288b2819158e8d24ce2ce11982bae92a94183c08d891

SHA512
fd52ce2db0c0b2f0ea4760de768900834ebdf252dff15609745651660a2d47c8da322903b8f45576d08fde763e9f7bf5b2ce06a4de4f54f0d0f3f8a5fc9119f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf210611ac043a694235407c66297116

SHA1
6f807efbfbcd4c7d502a59478be5f99599f56b7d

SHA256
73a4e4dadc7ce329cdd339bcd72aea9b942cf57d62e546cca4ffffd66caa6197

SHA512
de46fdc14f802383ff1f84664328ba9f91b8d964d9c3d1846d5d5db5fd84e659ce603d8932f8b31d4c0dfe091cfeac99cb2f0b7cdc0343e98a58a55de74ad9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab0d793fd5f910103392b74d87be17c6

SHA1
cf8b654c480bbd2184e46fe37dba6a014c8c1b8b

SHA256
42027d5bc6166fca145d763dea0e30f740ce101eb57581febd644cf017c4b675

SHA512
6485a8720fbfd67036b2441e34e7f183803f99d7c7cbac7073c122f0e3cdb07bad3a4c8145b39fd64ca21b494b6d6dfb3826a3856eee703d08a316abc155b255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a259ff0d3b83ccd950afc48bc7d25b33

SHA1
dcd1e60ae6f22977de0c9412c49d333025c71523

SHA256
2e25976f7e4a0b314f5ad98dadf80b86a304c86f2885060ddc09fbac089a3bfe

SHA512
6f059c71c84288fa0acc9dc429136cf1bcdc4ab86d3b9718a8744a5078a83bc4695d19a8d48681295fd1dfd1c74d25b96698318246972b204f64a62834197ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
90d8824b7646f029b8c738c426d608bd

SHA1
bb5d1919707c59c4b1a482570468c56a7d2268e5

SHA256
e9343315cb342a44f8f0d12999c28e07457d883e89f6441ed55b5ccad5586c56

SHA512
d94599ef1e1afe2310cf8903ef5bd42aa76043a89918eeeedf5143850694565fe979d2abdf5ddf657ed2660cda09affa0157d5027eedcffde34a4df2f69c2db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
011d9e6d51b5f63997e41b2f45e949e7

SHA1
fd31cdd93a133c85a6fb4fd34da0ef0c2d713674

SHA256
7beb0b52e84ce5816715d36ea2291579d6975b87f157091f8e82a7baa162698e

SHA512
07eba66c7f572899fdf5e75b46f75ca80f666d5e8547f57aaf12c858a1f13728fe095f8b50df986b7569486e168f5c62348079ef201c3850be7ed3bd7853252e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e072a5f0d53ea50bd56d9118f3675594

SHA1
ca1c732b75616c9e24b96f97aee36193a95c3787

SHA256
868bdcdd239ba0184bf30edd0143d6d707e5c20511a6250261c20de11e1aed59

SHA512
43122a323c6daf4650409a21e7a9cd63b0ed2ae7e422089c5d0936d70432cd11a6b237fd73e566ed75522139b9b092d99d93f0a5ba7e319604d09c1511639556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
c17dc0d26cb980918d3192b24944cb0c

SHA1
f7ee2dbc067c009296ecdf8bbeab5aad728c4755

SHA256
8152801ecfe038f28267367235324d3d16fb3f0aa55e11ced7692803204caefd

SHA512
47020942428fa8a113c29b991b28a519c98368eeaa4d43dfd35d3a711308a85e83aaa36a916805c9231b04d31091ea6b2127feb2d3c400b00125b90e43248f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
2d761f1fa6d84c8a9d615591159b9e52

SHA1
17db62728a642c602c45fe95037597f5bad7b425

SHA256
ac034580ad4a12070da7349d0b09b4dd3556b7f1acbeb6e331fa3061aff13b9a

SHA512
50dc88968389c6ed421858a45139dcc4ea15aede690206b8cbcd00e059211fa41595aa6fe7f5adc2a780f75e16c79f57388086c60128e57f58af39ac0982e324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a09e4.TMP

Filesize
706B

MD5
ec5fa593bcfafe468589c051f2cf0f80

SHA1
074ccdb65652cbad72ac7dcdcae0034493f2fae4

SHA256
649c20ebe08c8b5ca0ca250b4e4ddf4524921ef7dad0d759aa6309d6d86a8d7f

SHA512
3387c2a913f8d2ba38becfdfd6b353da846e947b2953a72848d7141889f64fd3d67986bb72afc8e340aad685a9053baa1012377a33bc0a18c28279b89d1ee869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e2304674d191de09e2e03dc67ff8031a

SHA1
f89ae686dd3d0c5e55826e26da61453f8307f3a4

SHA256
0fb6000b1783b9e54ae6e0749b090e4c9adc643e0dea10bf2a9b13e167aab291

SHA512
0fdc8306b69c9e43a0cc9fee9a373b93a57d890690e36d36cf3f8aaf87ab57afe99eb855fd9e45c66ebb900d7f1d04837927e7ecf47f51953cc32a11ddda0a92

Download Submit