hxxps://www[.]splunk[.]com/en_us/form/gartner-magic-quadrant-for-observability-platforms[.]html?utm_campaign=google_amer_en_search_competitor_observability_devops&utm_source=google&utm_medium=cpc&utm_content=Gartner_MQ_O11y_2024&utm_term=prometheus%20monitoring&device=c&_bt=709845446834&_bm=p&_bn=g&gad_source=1&gbraid=0AAAAAD8kDz3LyBEyFXRpr3TsR-dK1xGDX&gclid=EAIaIQobChMIz6PDvZDpiQMVZVz_AR3h8iBEEAAYAiAAEgKG6PD_BwE

Analysis

max time kernel
329s
max time network
329s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.splunk.com/en_us/form/gartner-magic-quadrant-for-observability-platforms.html?utm_campaign=google_amer_en_search_competitor_observability_devops&utm_source=google&utm_medium=cpc&utm_content=Gartner_MQ_O11y_2024&utm_term=prometheus%20monitoring&device=c&_bt=709845446834&_bm=p&_bn=g&gad_source=1&gbraid=0AAAAAD8kDz3LyBEyFXRpr3TsR-dK1xGDX&gclid=EAIaIQobChMIz6PDvZDpiQMVZVz_AR3h8iBEEAAYAiAAEgKG6PD_BwE

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: 3F2A2CCB574872387F000101@AdobeOrg_63858881313752152872772150097208577471
phishing

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
45	api.ipify.org
42	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
4592	msedge.exe
4592	msedge.exe
2300	identity_helper.exe
2300	identity_helper.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 2500	4592	msedge.exe	84
PID 4592 wrote to memory of 2500	4592	msedge.exe	84
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 2192	4592	msedge.exe	85
PID 4592 wrote to memory of 1464	4592	msedge.exe	86
PID 4592 wrote to memory of 1464	4592	msedge.exe	86
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87
PID 4592 wrote to memory of 216	4592	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.splunk.com/en_us/form/gartner-magic-quadrant-for-observability-platforms.html?utm_campaign=google_amer_en_search_competitor_observability_devops&utm_source=google&utm_medium=cpc&utm_content=Gartner_MQ_O11y_2024&utm_term=prometheus%20monitoring&device=c&_bt=709845446834&_bm=p&_bn=g&gad_source=1&gbraid=0AAAAAD8kDz3LyBEyFXRpr3TsR-dK1xGDX&gclid=EAIaIQobChMIz6PDvZDpiQMVZVz_AR3h8iBEEAAYAiAAEgKG6PD_BwE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0xe0,0x104,0xd8,0x108,0x7ffe67d946f8,0x7ffe67d94708,0x7ffe67d94718
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4430824679858611132,1413680534053508469,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65196a01-f376-47f9-a25c-bc5560255d5d.tmp

Filesize
3KB

MD5
1193a58ad725f65c1da3e70e0db1352a

SHA1
717cb61f207ed80197986f95fde3fe0471a1b1be

SHA256
4085c6fcf11f84b6fe429edf362a1cf5612debb319d3c9b35373a326ff359cb1

SHA512
92a7febcfea2228c84068b10f2d7222db69ddc760e3ec51ec9b61f13213a9f716e3d7bc0e4ddcb6c409c7ce59bc0371f03206ed6008dc436a358ab72abac1d3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f94ede79941980ad6f61faacc5ad59ff

SHA1
5e213cb58efa1892eb0c6ae0aa70e1ef10c69dfd

SHA256
2b21ea596967f91a3e551f24f8b9ce6218b42c54eac69e116de6fcebb50b2407

SHA512
ebb1896f1be1b46d7e8f66cebec2bdbacedabfcbbe97497085043c50a7342fee3652d5fbffd945f9207d9e6ce427f5a613d6291b2a44adeafa0eeb2eb2ce591f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.splunk.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
094f8f19466392336c6d099ac86ea98c

SHA1
3c54ea6e3131cd35e2378d584513c4a46670b17f

SHA256
97e510bec5350b5aa3098645adf3c31c40c79f4116be562ef3a053366fed3384

SHA512
24e81c42b56fe7717eecf375a92e527f133ed3d6d6ef473dfd699cb393c724520819c66f9bde25f48e9d3ace9d6b6bc40e04c1c6f86d4883877b504530faf5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
2458b21321cd6405e0239c5139fbb5de

SHA1
b992d2b70f83462b07ef46c9753c87c98867c962

SHA256
9ffeccc2c1f52d3ec5ab1a5d7ca95c5c6f17f3aa7325a7502af2c95e87c382f9

SHA512
96a8ddd5ee205d0d767a2e182ceba2c913c7f78c7470a3a3778c358d30cb917ec9584517bda69be1f020576c605ea705432df11a392a56a77b740d948f85aad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb69e49f5c954a67b71e996ec7b3ced6

SHA1
6fde6cc60f634099e3c6c45bad1bb847b03a94d6

SHA256
bd60266668ca8a3d4bfe9119269439b131c9bfd9f403bc3deb62a1c2cebc056f

SHA512
be4a4c0af2ddb6f5e7d52a4f6ec01004e87172b6a69d0ac68019eb1f5b0252a01d58e3f1dd6cc1e7eaa242740e60181108e1505518b6c15aa8c18d2cb2ae8a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
aad71e9a3d8dc5f90cc48aca0f46f71a

SHA1
91ad1f65a1cb8fc69b8c9792a57eb0268e844770

SHA256
3b9368b523186755be30c5c1f5c0fbaf676e63ab93714b2537ec0c4c83576bfa

SHA512
0fe05b8c22b332f192c4802a35dc938b89a992c9e81716d7e3b91d5b27d020e7fd9849b8fbec0068ca7506da1c5c6c4f8170a261e1632301cb37211af4d713d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f491.TMP

Filesize
48B

MD5
51ba1e5bd354836d7ac73e751bb83d36

SHA1
fb2b811668a01c7344af9b02b0992ad5994e452f

SHA256
e009bdf99d18203079a2aecf89d5b0d05c4848476cc8f8c78717b688da4f5650

SHA512
fafca1e33a5319746ceb6f1781e435637610b07364d7af93b1b993d4c30e31a4f2035abfb73b3ad73508910280e1ac410868aa40b42149d5561f60974afaa77b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f7ce730f7c8b7398e7274620fc56927a

SHA1
2aacfc538a3314e97ab8be2784d53ff4985c8bda

SHA256
63b9ad7448c353c06b007f3b32d42d71b5d553176f8299f7b5154d730860c585

SHA512
01dec41ca7331b48028053f73217cb5e3cf16ca1a69864e15e5db2f8f1652b7733b9b84f0128bf8f17edd36a72a1e96c1601c70681cb5432de263a9122c2f247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c419c050fcdfb16ff413967d2580bd2b

SHA1
af3aeb76068e74d6e9fd6d96532f1531597a1ced

SHA256
715abf96f8d76215373f512dc12be74d3a91227e947f9e78ce5645c639f749e7

SHA512
8f785796b3409ea31600b14bc058f8231a12166ba13ae057ecfd49c47f49a321112198394db0b8c186b5c2f10e10303cd7ccc33a6cd8ee2258dff21ffbfe48a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d9aa8c40b4dfd71835c084f7b788a934

SHA1
43aef0e14f516183a74036457b29e95e4ba00c8a

SHA256
430ff41a7726dd4e1a5fca50e39261cb02abecbd10a09d0339fa9913d41f1188

SHA512
b2ac24aaffa0a59c54352e72baf010d49770768a2797acabeac7428dcf356717bdf3433e949d1927531eb50d648a1016ab9eec8351f08c5ca52fb18b2178aabe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3e7208f124b0fe541698d195fd001b8a

SHA1
c32d67999c9e92cd179a1803b8197bf6bef2045f

SHA256
bd41fd1e040b6ceeba261f2db52e7c021821422fbff65cc441a39304c9c9e15e

SHA512
d500f6cfd41ce9e20f9dd15baac770a6c4a9816f277059287f573d3118e2e44e3d817a55bc19aec81c3a15102e8476e80ed4289fe7c100be1a6b094f2aaddb86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d9c412bb7a589d68ff934c1d7672eb4a

SHA1
4a8298be6ac0ac94b507cf184169d552455a8814

SHA256
9101342c7116e49ec42ca528f044540cf608bf58668e576af0833d2b683e1006

SHA512
5694bb8e591ea05bdfb52eb0799ea8790c00b642010461212527f6bba27fa5e7c9ae4ecf090e1447c7c36fe31b26a965acda5c758e9bb948980ceff131d2a846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
66741bfb877941d3344ed2e507307715

SHA1
bdec09a67aae8cfe8198c45210fc11e765b73504

SHA256
58932adf6331e38bd21bf7211f4f1869761003dcb68d8857c9e17746fa57dede

SHA512
6bff43f4ce0546fbd346206a6a68b6dcf1bae7cf08c0f1f6f72486da02f2f5d66172324668072927863d97417c595551293bd55251dddda7787ff5afbbf0b416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d5a836e1ff973db5e56c9e9e2ecbadd2

SHA1
0d419cb52120c5eb24b3201bec065fd33a3dbbdf

SHA256
5f6373bd1c1d14499e4bd9819d3b92c2ed012bc91c02a71ca61f38735dd107a4

SHA512
dfd936a2c9cc65a6e9cce7e1e0fe9e0de09f5fbc371b26e0837a4ce45ea0943fb6662f459a4e4539e72953f5f1b45dc83f33cb6c5c0ea6ef4714a9d6af44e25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a454a025d8cda4ea55ff5e9548ac0da1

SHA1
d0d62c2a2edc7a45def186c34967ffc887b7d983

SHA256
8a4e0f9eeafec8749eb33916fa6f927ccbddc14068e37ab9ae57154e97ab5338

SHA512
5678eba6bd39c452f422cae72e4d3d40805ef836a66cebd0806fa736b524db48629df6a5288e30422c6d4c1a2e034a126703149b069286fc61356d4fb20ae1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7dace67607988a5c572dd691789fb282

SHA1
d7b895c5798cd324fa57a243ec03614736f64654

SHA256
c1311afd3d9861b9865f4908f9b4ac9eaf69fdf3abcd93f747c2344bd05731ff

SHA512
4023ca54f17a3455a3aeb89b3cec030ba4dbc01d1a26772a7c6b5c7ba36317bb808c47382b9021a90cd8c6992b32e6b219e5c6f76ff168901f9250be8c59fc63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
34d61781a93af0a220fff8c2d3717229

SHA1
a7468317d3216da8fe47c5a2d8f90bee3b2221f8

SHA256
5a2bfa2e8c62e6acbee289a42a63d8fac53f82b5a823665888cf1b77987e853c

SHA512
d526e094c6e5dbac47dd6f55ce2e0bd0a6dce3c52c414408bc18acfb6bc2920a69d97187b0a004dac992303dbcb0c0f1cc357322926ea157c7b9c760c33fc301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d82b04c9739e0ab8e3409dc449d83fd3

SHA1
9acfa9bc09f830fde48f7f918cc2ea5462967150

SHA256
2495a96eb9ced4a92d2d91ae6ff362c1ac6b9a90c819baa7d4d671aacb994b37

SHA512
d09d8cbd6dc1d53df7ef0204b62e4dd23d2b831495629a2f6de4dd4afd10397a0ea8d17f5ff6e7ff736b0bdb8838507dc030963be89536841c88a90016903a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
684ac134d5ab6ae8892324e0c8ee4145

SHA1
9609ee77a80b97768559894ae16a6d12a4ed3d05

SHA256
a7d2b5ba3d2ea08f5f14f9c8d47e8f936842b8c1374d81312598a16a29151d91

SHA512
64a5cfe1b8ff851b993a2668a30afb99499fe428c72c8331dc71af83b3bbca9765f6f66e18324d5c9433c33b13f05eef5dbbfad0d466f9175763bf45d4a69cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b8a9615995d90f0e05113e34f2c9424a

SHA1
3cb948331a05eba02261bae9c6bba20721720c1b

SHA256
1a9f2cfe3ee46647c43117be6869433b79758de0e36d9b7603769206eca35192

SHA512
597d94ae3177d4e497effb1bc5b23dacdf3962810bc000ce0e90bef3945074434ba97f7a6bc62460d99a4d50e567396aa4b76c54e1ceec43de6b85e973467753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7cbc6e2aecb2a997f12af8830e70970e

SHA1
cc3c60b4526f87333440ff32570be6b3c2c73c08

SHA256
d6e6ec020fdb2a24df6899600119805c867c82c293cb7b82768487214bcbd488

SHA512
ef2d1041a24fe1249c1390aaaf06ee7f777068f0bbe491e70adde8228216bfc8461f86ea58edb8507ec6087b6f991d87d6d3ec92a7d04f28417a3b423bb35616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0066e10a289c1194ebef2bc3a56dfc2b

SHA1
48836a4ff68f5082241f7063b09c0a1e8ca973ad

SHA256
4d6c6a7f2e1353288ed0458c46ca3dcfa48630caa4b7ef08a1fdc0581a0eaef6

SHA512
ba0394579f9b3c1f6ca1d398fa5798eaf068b0dae953ce58dbeaafe3440fee78d06971d59e3cc3cb40f4fc8ebf09627dc53d5c5bb7834bee158f89c681e5004f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
be07b50b9e10986414338b969b3238f3

SHA1
78f66cab7cf4007019f43d77fb86951b2fd540af

SHA256
38238c75b0d094ac594bee4b6883ccf36eeb767d6b762aa23799a448b8c1de86

SHA512
de1bcaa9ac85a09934775038a29be7a2a466c8ba1b686523eac819a3f7e90564a5c2ee1078ef37724e8da24b0b3e8939525575cb38b1c1a3e13caea45415c42a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fcbf.TMP

Filesize
3KB

MD5
7925c025819ff7d7f36f3db733264e5f

SHA1
cf57b3136cd0f37887b74c72b4eaf3d3ac63ff62

SHA256
4a4df424073d008dbce1b3efc8d113e55789fc19649b1efee699bbee49a99a88

SHA512
9733fc45e99b351823c7b0642563a63bc73a4101412d6121d134bf0d810f1d85ca10925f3ed27469784d47a14fb116ddd38ddd823998005adf2401e6de4d3b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
747e6f20bd8fd530d179beb360c8bd31

SHA1
8415e07fdb59853dc02cf3e6e1ba1558b464b80f

SHA256
33006d985e6e324cf01f08ec840f90058d836138534a0df2d5f010bbbfcd0004

SHA512
21202d9bcd32924879067c9765ae733d52414fd9c636f91153d5b608b7a075bc1fb8f650751b916171db541a23c0770db0edc45e821d80af6085d0503e46aa9b

Download Submit