hxxps://www[.]splunk[.]com/en_us/form/gartner-magic-quadrant-for-observability-platforms[.]html?utm_campaign=google_amer_en_search_competitor_observability_devops&utm_source=google&utm_medium=cpc&utm_content=Gartner_MQ_O11y_2024&utm_term=prometheus%20monitoring&device=c&_bt=709845446834&_bm=p&_bn=g&gad_source=1&gbraid=0AAAAAD8kDz3LyBEyFXRpr3TsR-dK1xGDX&gclid=EAIaIQobChMIz6PDvZDpiQMVZVz_AR3h8iBEEAAYAiAAEgKG6PD_BwE

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.splunk.com/en_us/form/gartner-magic-quadrant-for-observability-platforms.html?utm_campaign=google_amer_en_search_competitor_observability_devops&utm_source=google&utm_medium=cpc&utm_content=Gartner_MQ_O11y_2024&utm_term=prometheus%20monitoring&device=c&_bt=709845446834&_bm=p&_bn=g&gad_source=1&gbraid=0AAAAAD8kDz3LyBEyFXRpr3TsR-dK1xGDX&gclid=EAIaIQobChMIz6PDvZDpiQMVZVz_AR3h8iBEEAAYAiAAEgKG6PD_BwE

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: 3F2A2CCB574872387F000101@AdobeOrg_29845665012067840266111182008052691905
phishing

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
35	api.ipify.org
37	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
1240	msedge.exe
1240	msedge.exe
1768	identity_helper.exe
1768	identity_helper.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 4696	1240	msedge.exe	83
PID 1240 wrote to memory of 4696	1240	msedge.exe	83
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3488	1240	msedge.exe	84
PID 1240 wrote to memory of 3464	1240	msedge.exe	85
PID 1240 wrote to memory of 3464	1240	msedge.exe	85
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86
PID 1240 wrote to memory of 2388	1240	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.splunk.com/en_us/form/gartner-magic-quadrant-for-observability-platforms.html?utm_campaign=google_amer_en_search_competitor_observability_devops&utm_source=google&utm_medium=cpc&utm_content=Gartner_MQ_O11y_2024&utm_term=prometheus%20monitoring&device=c&_bt=709845446834&_bm=p&_bn=g&gad_source=1&gbraid=0AAAAAD8kDz3LyBEyFXRpr3TsR-dK1xGDX&gclid=EAIaIQobChMIz6PDvZDpiQMVZVz_AR3h8iBEEAAYAiAAEgKG6PD_BwE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eebe46f8,0x7ff9eebe4708,0x7ff9eebe4718
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3558451655888685618,7009078826844011780,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
4b771e18566ccd80e6ae0df6e3a7a7ab

SHA1
45061f86cb445b48c7d8285a1a103b36369c9bb1

SHA256
0aead7fbb50bdd2ed3cddba6f8a703cde394a4121928775bcde17c68b03fb9ba

SHA512
99d4786c645ff6b685c6b25cb5f9d30620ac8473cef309bea3d2e4e442ccae66df0e242fc0459cfbe3df66a216e5522481dc72ed2628e1930ea68082ebba14f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
c5f97d7caae9c28dce7505e79bc36692

SHA1
5bac908cf2cdd1144e9606bfbec056b73b071083

SHA256
7ca073a605e152ff3156b0a71913a8f76bd10bcc4f80749c3a31dddd605c9a89

SHA512
5c5cf9a618a325c432afe93d578210452ae007caa6630513b63923288ec5959dc1dbf7967988cb9e14570e2f979bb8f730320bd71c0b1fa7abff8010ace76b67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
600010bfdb03791aba6791d7a9e454b0

SHA1
a868eae23e484ef4f2d7e1bc44f5a99d2b9fa926

SHA256
20da3306bec9856457aba2421db252a81801a3c47e06c1b98cb8f48c2c6ae7bb

SHA512
f9f14b8ef5b86be6f16138f5410451b9b2439a4881491a6fc28e9c2c58656e3e5834e76312cf6920072a92cb5ca675d8f7734c2bf29efb84bef6e5ee532a73df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
59e8658ecb4062322cf22ba03c0cda01

SHA1
7dd7ae67b762586e8d745362ada452386c5d2b91

SHA256
960d6d025fbdba1a6375bd1beba990fca635757f2e996d375a5b857e8e236342

SHA512
7d9003ce1f6cee05198868f746d95f85a8278e4a0e337d8229587b34da664c2be73324e4d0fad5a53e8a6c48bf15ac4a63c77563e20b88b7ea39655675612649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
84f8182f8a135bcf28f45aafffc0d579

SHA1
2dfb2194abb41f8c68e62b38408dc2204e30643e

SHA256
3f9e5d3bb70f2f041a3fd79ccfa9c9e82c9650a7c46ada1db2d46d910d81aba5

SHA512
9547a04ba3f183dc3f331b274ba4f8ff6ced14afc6fddc444588c429f9ce3218f3219f0791a743dedc39abf8ce3e27650c7aa35c6f547d7d0fb2694fc5e0400f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.splunk.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
249e84ae7766222a2dee578e5b2f6b0b

SHA1
afc2f53fabeaedb0b5c1258fe718526cd3dc1c65

SHA256
0207d542e6499f16b9bc18e7dffc4420abd079710deb86163d0bcd6815ee249d

SHA512
b20c67dcb4032597e9f541d3e0f0a9fc993c248ac3023096f6356e6c78dc4ef6affbeee77e4394920b5c35410054513d223d55dd61bfd1d9b8c13c0c6fcd3005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
453ea2bf0b52f3786172fb26211a3f50

SHA1
98aee04a58ef70957436510f24537712f680989f

SHA256
33fb87bd2a5af8cbd03a107bdff926b8642fbc712bd8d672976f2dad7d61142a

SHA512
e0138bc27c34eb266d42dfff707dc1077144552fcd4fc6ec87c6e84f27947a51dd30af6aef33afddd305379ffb381eb2ffd240052a04d048797982821f98226f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
f6a48d633675f5905bb4a7cedc100859

SHA1
3d3a658eeed3da8518658dfbdf3e994a68c6ea1f

SHA256
664ec5884db2937196f02175264d1e9b8975737181fddde2bdb281c9e95e6436

SHA512
5d75990e0ce4207f0f4d7d3e02c4cea062c3805e7805220588bda261d34fd29b566b8fedf79d2db4600ba293cc3a937187fc26ff2d05119a25fb6878584c0c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dbfe1543b978ca694e6a059e7d818c88

SHA1
c96b2bd5ef62863761a73acc118a5a77b8bc2ba2

SHA256
cd7b359e90f548c9670d66ae3d7190047ba1974d97467f491e273bf246dade81

SHA512
641e605b74539d60aa08f5765afe58176f47d66e846effb9fe54dba21e09470e9592d44966b806bedaa79eb0013798a55f3ff7dda54454db6b1da6f98737be51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fd8a.TMP

Filesize
48B

MD5
41bc7bb003ce5539ae94bc7b5a6ae96e

SHA1
4191b09f7ec13205857addfb4298376deb591b12

SHA256
70a8a3b2a30c719f93d0a8e31cecf28d6667115c417e4d76622706e115d61290

SHA512
568a3695531787726666852cba73993bf7accf762ab1b82f164669eaf2cb66a303fb0ed8ee31fe024a9d0ba9528710634b7ee13709ed128b9abc68be0b6fb8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
83c1dbd03eb9aba9a133b0dd5923dda5

SHA1
75d912fb98d1f662f978641d1625ce641399735c

SHA256
e39a7d44a1ee2148b803a9b53ce061c21cdc551e6515b403a0c0d6abe829a413

SHA512
9536509cd8dfad49732f37659af93cf06806f8a0b0a79aba0b57973c4f60fe6ba8775b4374f35c2b068dfaab432f5a200fe537a842a9af67a1d60ecdc547765f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bd327deceb3877eec91de09616aa0625

SHA1
e1cfdca31ef0328ea5829623e699f0c17e36e31f

SHA256
6662a7a02db6982386fe9ed4f27f70eb5b9c2221d9f337092359d179292f2612

SHA512
800f4eb9e6ed67fcc569c7bb96390286a231c65a2aecc45fdc136466afddc3cec02d52ae93f302f8b1425bbf7c13682ca517b0b3f576d03cb2e42172904abfb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4bea3b1ccb4117809d34a3480e3d5be4

SHA1
51a506fe62d18452916e5721551a59daca763dc2

SHA256
f5b1cc68940f8439fd493a026b8e444bc362717b3c0c16e266faa6ad060794df

SHA512
3acf80e506bcda66cd289a19a55b9764fb9bb8c6e79ef74f8b1d8a55ebcf8596e46e93b447329fef60a03a462801653762c1560038096d15bc2649304af3b2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ccf15b5f323d7df5948105103f2369e9

SHA1
f0072f9fb93b91d257b0ebb13d7d03221ef04317

SHA256
ca5ad25b7e3fb7e03191ce968f94ba7bb7f00225822f71f1346813b329818963

SHA512
943768949d9c58c4ab78d37ec1af2fea1d23f7e6876a80df4b547360269b7dbea70daef5ab25159806c186f9724bcfd4ae1cbca400341261d5d206b1d88d6008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
de697ff5b4967fe3c0a4f72caeaf068a

SHA1
406c4949c6c5dfddebec2dc20ffbc8e0170960ec

SHA256
aca61aa16af166f694da38c31116a23b8463f5f62b8a5c38f5b6c4bdb3183052

SHA512
7013753a3d0dbdc260581aa04956e5aaa678cc420bbbf263e2fee5ada13d0ff8fefc306850d6e8eb06ff7a39160cb6f78e1d18285e05c449138a164817386906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7ed7dd9b133110be8dac5589324afcfc

SHA1
3bbfff88643518021cba361f9c4064cfef40b640

SHA256
6f4702b858cb9d1bca8c9a3a5f0ded6ac0e9982e7577deedff16ac9f93b7aa33

SHA512
ac74b3de128452f1bcf8318dea4302716537154232f6775897d0635c17f5f37b22ca76ad910a5961cce7eeb9739462a1a4279a5e0f734369e9136615f28c2ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d4dfd7b9f9261c5fde99bbe45e3f91db

SHA1
11f59d353bef35ea73ffa6187e4b1ba9c3c5aec5

SHA256
34ec7f6403176a99cafa12a87f6c63b88789b1237b0975e5426d00e45f562ff7

SHA512
477e3a61b1e620ad28bc8ef7b81fada170cb6da916cf2d05a784121900116e2aaa2e96730fff8e7a11d1af3cc7eba3f934fb4e9305bd7e515508033f1c34919c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c1ce0575f5ea9a9225b5c42e6d613e53

SHA1
265435e38ffd9015b590c2c4dd7e3aa1a940c265

SHA256
1459dcc28fe3773d175dd21ebc71bd3a12a34aea0d68703946fad1d42a1a1515

SHA512
c1b405b8557d2736aefc04b03c6617d69393e8b851615440e713523ada6fb0325ba93ffbfaed628b87014f44efd188f8d489f98a7531b808f39fd0fa03513683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
59f419a525a15024728fea328d2e2252

SHA1
9c601e974fcce1756acb67eab57364392e9542f9

SHA256
a007d680cdab70a23cbc69740676535a9ad62342e81580f708d6e642c21d4d08

SHA512
48b268e0cf5a86b1ba79188fa41778c3cd091c89904d87fc5b7ef81939085fc873a7191233eda8535b6fe2b04863fcec5ecc84d9e81378d2945f4c7164bb8970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5805f6.TMP

Filesize
3KB

MD5
3338a215f0472eefdc3734a2ea2fa9c1

SHA1
75d18067deae2b3d8cf13e88eb6933a59834f432

SHA256
6032842069e39888e016bdd3544609d0b782e78b6e14058bde95f127ae031738

SHA512
8d175f6d6a560adfa5257e68a9ea292b077ad4d6ab0da9558bfd2c3712360b7dd6275c9bfd2c112e6cf5d222af3051624eb07109c7c92eb2cee6d4dcf0d97371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
22223a134b9c965bcd1e62252ce1e59f

SHA1
4945cad316c57bd87d5a0a3bc9c921c1f9805908

SHA256
325abc15604966b44be0eb8458e163baed85ed29422409a7319a38b0cfe93788

SHA512
7cdeabcaa804cee47fd5b052d73bc044280a218b9fccae16b900304f27b9acec03fa2f99322b3667a85595253d96058c53e0f8ec062a2579db219927428038cd

Download Submit