hxxps://sinfonyeu-my[.]sharepoint[.]com/[:]b[:]/g/personal/guillaume_rocca_sinfony_eu/EZroWMrEa2tEtX7P1qpSDwIB6VEz_Y6y5dhGfngzNRFCHg?e=4%3azBaAep&at=9&xsdata=MDV8MDJ8U2FudG9zaC5LaGV0YWdvdWRhckB1Y2IuY29tfGZkYjc3MzZmYTNkMTQwNDFmODFiMDhkZDA4YTJmZGY1fDIzNzU4MmFkM2VhYjRkNDQ4Njg4MDZjYTlmMmU2MTNifDB8MHw2Mzg2NzYyMTgzMzM0ODgwMjl8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpGYlhCMGVVMWhjR2tpT25SeWRXVXNJbFlpT2lJd0xqQXVNREF3TUNJc0lsQWlPaUpYYVc0ek1pSXNJa0ZPSWpvaVRXRnBiQ0lzSWxkVUlqb3lmUT09fDB8fHw%3d&sdata=alBvRktPUkNmVFp2QXRGeU0zL1diZWN1aFhKUjNsanJ5dzB3eDlXYUd4OD0%3d

Analysis

max time kernel
241s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sinfonyeu-my.sharepoint.com/:b:/g/personal/guillaume_rocca_sinfony_eu/EZroWMrEa2tEtX7P1qpSDwIB6VEz_Y6y5dhGfngzNRFCHg?e=4%3azBaAep&at=9&xsdata=MDV8MDJ8U2FudG9zaC5LaGV0YWdvdWRhckB1Y2IuY29tfGZkYjc3MzZmYTNkMTQwNDFmODFiMDhkZDA4YTJmZGY1fDIzNzU4MmFkM2VhYjRkNDQ4Njg4MDZjYTlmMmU2MTNifDB8MHw2Mzg2NzYyMTgzMzM0ODgwMjl8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpGYlhCMGVVMWhjR2tpT25SeWRXVXNJbFlpT2lJd0xqQXVNREF3TUNJc0lsQWlPaUpYYVc0ek1pSXNJa0ZPSWpvaVRXRnBiQ0lzSWxkVUlqb3lmUT09fDB8fHw%3d&sdata=alBvRktPUkNmVFp2QXRGeU0zL1diZWN1aFhKUjNsanJ5dzB3eDlXYUd4OD0%3d

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: 05|02|[email protected]|fdb7736fa3d14041f81b08dd08a2fdf5|237582ad3eab4d44868806ca9f2e613b|0|0|638676218333488029|Unknown|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ==|0|||
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
1476	msedge.exe
1476	msedge.exe
2648	identity_helper.exe
2648	identity_helper.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 748	1476	msedge.exe	83
PID 1476 wrote to memory of 748	1476	msedge.exe	83
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3352	1476	msedge.exe	84
PID 1476 wrote to memory of 3524	1476	msedge.exe	85
PID 1476 wrote to memory of 3524	1476	msedge.exe	85
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86
PID 1476 wrote to memory of 2412	1476	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sinfonyeu-my.sharepoint.com/:b:/g/personal/guillaume_rocca_sinfony_eu/EZroWMrEa2tEtX7P1qpSDwIB6VEz_Y6y5dhGfngzNRFCHg?e=4%3azBaAep&at=9&xsdata=MDV8MDJ8U2FudG9zaC5LaGV0YWdvdWRhckB1Y2IuY29tfGZkYjc3MzZmYTNkMTQwNDFmODFiMDhkZDA4YTJmZGY1fDIzNzU4MmFkM2VhYjRkNDQ4Njg4MDZjYTlmMmU2MTNifDB8MHw2Mzg2NzYyMTgzMzM0ODgwMjl8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpGYlhCMGVVMWhjR2tpT25SeWRXVXNJbFlpT2lJd0xqQXVNREF3TUNJc0lsQWlPaUpYYVc0ek1pSXNJa0ZPSWpvaVRXRnBiQ0lzSWxkVUlqb3lmUT09fDB8fHw%3d&sdata=alBvRktPUkNmVFp2QXRGeU0zL1diZWN1aFhKUjNsanJ5dzB3eDlXYUd4OD0%3d
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb55646f8,0x7ffcb5564708,0x7ffcb5564718
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13002467067070164107,7479433424639944472,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5164 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
30KB

MD5
7fd8f61ed275062cd44af70a13686696

SHA1
8cbac18de1a88fa777a1386b4b565200beade901

SHA256
e414b1efee027dc1f6d35fedf23990d7db3ce02079c938c63713b1ba2ec8d193

SHA512
bdfdb6e9afed8c6683d9153c1bd8a5618bae894c8a1e1e0c2eaf3a47720612f2d26f7e945011ded203a0c12170b3b806702d4bc0944a0972e71f9a33e57b1229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
971a95b2f2f1a6c493b70447676c29f4

SHA1
2ec37bdeba4ffe82aff10a4d630b1547df10414a

SHA256
135b90314feac5413da9d73dd026d3821b45204b4a0bceb7f49f86c63f0e46f8

SHA512
5607a73b3f41a2ead1ad25836bf010323db8c39b2c88c85a4f54030fa96693cd8e540d8aa039b1c4679048894bbd2450632fa138b1a8b6ac5b5707865b462641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
60cae22ac71a3765b40bcbdde067815d

SHA1
4cad26bd05b35f650ee6cedf3d81b4a2b5720ef6

SHA256
e5c577fbdc6e2c4df85d035779b8ec6f174dd8eb5d1c4a6adac6d5e96218e6a6

SHA512
b177041e63a73eda537c3a8ac0a1358897fd604a96d097798a44aa0d680e24fa49814bdff8a0690bef4dd5daa842e253a614133b38bdecf8cedf5db4c94360ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
361B

MD5
727901a58a33b844cb45ddb3961e4f9b

SHA1
4c853ae2a5b321d59551c171c92274e5d8a79836

SHA256
5821c1d11e77d0c2f01f8beb27daaa629b3d5169f3e48a2bcbe70585bfba69f3

SHA512
d227077eb75f84fd22a3ea5028ca1228f15e03f4f6bd6e01744208b568e9bf5a2ab8dfcab02e6b4b2639c119e9bc4916ec809579fbf4681b070d1b9909ab49ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f076f2f55a6daaab1988d099bbc743e

SHA1
0b1bbe6812abf594d3eba9d7baa6a9375ba97b60

SHA256
52a80a4b0f150b09c5eaea22c739bbfe652afec664cbc1565aab85dc9a1c072d

SHA512
a09b51ce2d6c87b9863ace9251319540e098146d7e1590858c6304d82f80d47a9549a334dca58dbed90941ca2430079d33108ba17fb3c934d7d6ddd9a345e4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c08131692ca643a0d9a850c7f1490925

SHA1
baef3e327725fa48e5928c9eca02d11b4f64f8d7

SHA256
a1808749079682d0f34989e1236826da6975c2215b2edb24ceece96a110bf5ad

SHA512
1a0820a8fe43e83154f2947c1c935c7e35feaeecd97faa47c32348c6e33aab05d6c81c92f50afd31b19346b589d7d0efd5cf0cf1b01ad4e622fecae692fdb349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3bbe5bae982d2b10886406759160632

SHA1
e397e9d3b826531bf0fc6148f2d110a17e094483

SHA256
6ba5e9b389eb0a870210a019d3760153036b5bc9cda4e07c64df897ab1a5c2d2

SHA512
4906e17908935266a2d1a4a8c343bc6e6a6bbaf5147afd924a4b8d156470f2de104058e7b85444e571cea94a1eafd5f6840beb91ad6442e8227d5933ad544e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c55908732c37d55a419043d93285cda6

SHA1
cc077d6ba6b9f89779cd78a8a2916a0fccd30b71

SHA256
0a6fad04453f3fb1d1000fea2975911dd3591a1c376cc5f1ee31fe33e39a7d65

SHA512
f4d4f1b035d513192c227003be90f688db93283d4e71d7da32b0303b9cbf48ef8fa28a2c7a4068729a4df2de6c78860ba6d8711d3332d4cf80aa94e34fa3398b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
418942abdc2b9338396f6c03136018fc

SHA1
3e07699b0e9c930fa7affe62bf82d3703bf858ec

SHA256
6650eb52dfc5ee348a70d385aaba02408a0a1adb3a32d0e3a03343bc3e65b3f1

SHA512
4843dbb93b74ad5c6f84ca193fb183a79c5b05c70e4f8c4a6c4b0b299ff4820f86e606e6be45968ebff72b4aa8603dcecd6eec6a1aa6d548e1bbd73a956c3410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ef5462ef3a724117223598f6d92c4de9

SHA1
34ac3e9eb9d4336e0c56b13bc92d79d2cd20d74d

SHA256
720e447c77256e372d1cdd3f75d4c28599ca034f67fe6123a3e2fcccba0607a5

SHA512
7aa950bdb46bf3fe46d987e593672192dd90b5b123d7ded0a7b955004c77febe97457f5f378698d0a99bdde3ee69615f75054bfe57a6144a816fedbe198a54d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581d66.TMP

Filesize
371B

MD5
0572bbe6879035a7719a7541187e1c60

SHA1
1266d4d2fb65339740570d2ce9409e99fc9fb277

SHA256
3b0124939c5142d9cbb4be34b5177c0c1ef524ed56b932a19f2d35370bbb03e0

SHA512
ad48104535ee4794d2135b42f9b8e1f5581f550c3b1c3b6a2b811cf3b3787f398ae247cb1be5badb095bbc1994bc4f16a6ba6421153a910a5235276ddb34e5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3ae43888c680d34395874e2414c025f3

SHA1
92c6a1ffc72fdd6f767d6414ad59aff427908a5d

SHA256
bb5caf2f9b15b8d4c819a0398ff1f2baa3243771ef7223b7d6a8e3a5fcae3334

SHA512
9f70da1704cdfa023bce6314746a391c0e519c9aea480f8646499fb60eb30154aecace299287a4041e2dd8f156452898959c32a94fe6459d56c85ca2bd94237c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit