hxxps://www[.]ciena[.]com/insights/articles/when-it-comes-to-ip-optical-convergence-can-you-see-the-forest-for-the-trees[.]html?utm_campaign=X1419821&utm_channel=PaidSearch&utm_source=Google&utm_term=&utm_medium=TextAd&adtype=Text&ctype=Evergreen&region=NA&ctry=&si=NGME&s_kwcid=AL!12312!3!587754483498!b!!g!!optical%20networking%20companies&gad_source=1&gbraid=0AAAAAD8sSMvrC9CvRsCVBI_OxTefsPMCK&gclid=EAIaIQobChMI-6SFrYnpiQMV92tHAR2mIi5EEAAYBCAAEgJvgPD_BwE

Analysis

max time kernel
316s
max time network
329s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ciena.com/insights/articles/when-it-comes-to-ip-optical-convergence-can-you-see-the-forest-for-the-trees.html?utm_campaign=X1419821&utm_channel=PaidSearch&utm_source=Google&utm_term=&utm_medium=TextAd&adtype=Text&ctype=Evergreen&region=NA&ctry=&si=NGME&s_kwcid=AL!12312!3!587754483498!b!!g!!optical%20networking%20companies&gad_source=1&gbraid=0AAAAAD8sSMvrC9CvRsCVBI_OxTefsPMCK&gclid=EAIaIQobChMI-6SFrYnpiQMV92tHAR2mIi5EEAAYBCAAEgJvgPD_BwE

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: B0F11CFE53308D250A490D45@AdobeOrg
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
864	msedge.exe
864	msedge.exe
1160	identity_helper.exe
1160	identity_helper.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 4168	864	msedge.exe	83
PID 864 wrote to memory of 4168	864	msedge.exe	83
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 3584	864	msedge.exe	85
PID 864 wrote to memory of 2224	864	msedge.exe	86
PID 864 wrote to memory of 2224	864	msedge.exe	86
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87
PID 864 wrote to memory of 2416	864	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.ciena.com/insights/articles/when-it-comes-to-ip-optical-convergence-can-you-see-the-forest-for-the-trees.html?utm_campaign=X1419821&utm_channel=PaidSearch&utm_source=Google&utm_term=&utm_medium=TextAd&adtype=Text&ctype=Evergreen&region=NA&ctry=&si=NGME&s_kwcid=AL!12312!3!587754483498!b!!g!!optical%20networking%20companies&gad_source=1&gbraid=0AAAAAD8sSMvrC9CvRsCVBI_OxTefsPMCK&gclid=EAIaIQobChMI-6SFrYnpiQMV92tHAR2mIi5EEAAYBCAAEgJvgPD_BwE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b1746f8,0x7ffc8b174708,0x7ffc8b174718
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3044 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10906268424444938546,7415692365900553876,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
d9f56d101fad4df410cf1cd60dc295bc

SHA1
551c807a89549b14ceb0bbecb5dcece2556b07c6

SHA256
b788b61207e82401c339a278c536cecf9f960a161060964cf50609c772ce8ea7

SHA512
cbd1abf8c39797522d22caa3c6dbd0df082ec6d579b88949767092636181f429fac13aa01d13894cd2cc8c37442b95eb92324e4b80ab413964516c7db767456f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f9cc1fb3aff1bea310fcc9c14f9b008e

SHA1
2ed33111e24a3dc7c1f52d0f785f288cc8844381

SHA256
aa01c79c37dac0142560babcc14a013120d826f89e4d684d78055a63a215424b

SHA512
2050df24e7ecdaaa5cafcc841f502fea3e2f5c5acb0a3c338eaae3ae5f32e4ddf66fb201d06f58f80e96a23cc37c291382df4f3aee59ce341e6184a34dba3a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61874c421c2635745a17f1f08cf1af55

SHA1
ec306bfc625b47bbb670693f8c674a757c3d1cb9

SHA256
ac2070ca8d185b88ec7840d04c2f7afe2ef35e7ad8e18476e4a3e77cf80b10e7

SHA512
23c5602ea2d8ef607029a81035a2a2b4981a5972f27f6f36c1889c7228beae129775f62dd68d041fec2aea296844a98b6842e21a2d60f78d92530dce6c5d34c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d27c1781c8cc40767725db656cef7b38

SHA1
798580e33807ef98b7c863c766b7d3cb289dce7e

SHA256
5e2d7494a4887c0a6266d682607552e332d2f72f82a581fc137d6d7ec27236a2

SHA512
743490e5d2ff1a93e53aaf19834a87f450848732a48c0f13b789111e3d20aecb9533ed54e347e22cf7c4a2c506f50b59642e213fda3546fcafea9686d2bc58f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
18287fa2db87e87c0d194349c3e18ef1

SHA1
e5f66fd3b45731761a83b6cc9ed956d3933e0a90

SHA256
f3756dbe5559fb1336fbcfe3ae9b887fbf805e60001f798cc3c9ee0ef0edcf43

SHA512
5cf59465d3b9e27ec6d11095f85abb6b1d3cef7c277242fc35007dda39d7096dea044cb33a820d7817395453e80d69d65a0301f0ca5595cbe858850b6800b337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7a261706c953438012f9ff5f73897d27

SHA1
f6d7ede65bd41832aff51d2d0aacefc4d8ad6ae5

SHA256
cb59db511ca48c9f694ab850bc21d2a4b1caf9634a4958ce54ce61857b694340

SHA512
5b5b944e1e0b2cd5abd735ef5fc68143884045f471607c19729f19b8d0d339d72555707341a2eb42b6e2da2906434bb284dcab15abaa5ccf27a388e3e72731df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5826ec.TMP

Filesize
48B

MD5
ea814d6a19f6c04897c5e10880ab5d68

SHA1
24493b0104a636dbef106dd1a05230c48b0aef39

SHA256
327b56ae7e909f803a7c89fe94a2dcd7b407312074397db0d8a533b3f5320a19

SHA512
a8aa96f3648a42df43d292d25ad2c2c08597e3d0ed477c8c1847c55476113b2f81fd9503efd77cffdb7da2943f0f89ccd9b869c5059239ed6db4427f9a910a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b539f9d74b6ab57964b525792f0278a5

SHA1
72a2c28c77c06d524658b8df751b3e2d0d55c950

SHA256
f3b501a895df534b06befdc9f0f9e21f6f2dfb2814457994e0d9f07f456014eb

SHA512
2a93c772965a3f1611ef48655865b5de0301c5b0a2ded39a0862edb235e61ed2c3d1fb222d2caaffa7fa97931808db225e2cc3ee6c9b75683572fe069676809a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
010a59a4568b0b779a536d5b50ad9e46

SHA1
dadd01a09b3ae89aface6d92895bd97a9168b5e6

SHA256
5e9e7787095fdb5819fe0e0b2a4cd16abc24b3c19f592da311959684c5720461

SHA512
edadd533c3792ec013ae2ada3228afa8575e7caadd8e1a10fb694ce5e40d66baabd44a9b40a79c31582e2b22189e485e38fdc3c63e8d64587ce9c3a033118414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
28de44646b12a750c5a0eddad6ee934b

SHA1
c009190dc905120ea79c7f81cb866aa110f91d70

SHA256
b81a02b2a1a0155315ce7f3f17598a85c3fba5602b88ec983ae1505440afa597

SHA512
93eb61eefd98b768f2a4e73009604bb072bb027cc1e813d745e72e88eeac80b5a669d306b62cf9091f476396e6f57592ce91700f712ef115d6498c7aaac53dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a78f2b46ac4200dc209c58eb196716e4

SHA1
0c08cb4617ecdc9d294f8112689af2e651620e03

SHA256
9fb5846551232e5af9db434bd5944a8146a95ca43da1d7c60736676c73394a03

SHA512
2feb44eef844895aa1535fd275befed4a3552d689910d2953b67086e6046fe57b50a539db8477973a6f50240fead172478ed41a6d640d1df3f88a6e2803663ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c6cf570c9991e9cb5227e9b80c9d965

SHA1
375feac262a8b2fcf387f90a073786651db5b438

SHA256
ef023eee6e9f909427ecc77037a30caee96164e6c549b891147d31b5d1f43190

SHA512
5534c30443132e418683b8389f11cb4acf306957a17ce5c63b778f9027111a2c582e4e1614a29abf8eb88acfe30187eadb41ea4608127bf81075a1acd13b6ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cfb466a8acb4c5df7ea7c1f1dbbc2860

SHA1
654ee499c4b638a2b4b5ccfa25a99a1658a09cb4

SHA256
86c7a390030d9d522ec23600580bc2eea64f4717e97fcb1fc6b6a7ce653021b0

SHA512
6cb80b4411feefa12eab27952241aaa7337422d5263e6d666dc8d4bed31d39ffca1ff9f522c29a0c0e66e3cb796f55bdab6287e14cdff8f7d2a560422c15c7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f907b13e658739021b1da30b525894c0

SHA1
d5cf8d582af4f3a5f06486024724327618ea0f61

SHA256
98d0f360438a2e2635f8737a40931be49d6f38fbeba178a0cd1a6eccb6f4b74e

SHA512
5d91679976e188472b8c63b31e450beb2a1ff2bd8a9b1aacc6803d3e3691927bd37577e03bf1a163ddbc12a9242f7de8b2d91ff5d5a851deb544a2b53d6c895d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1f51b530a562e7a1bb4bffd12e0b29b8

SHA1
e04a7970a6fe9b792761fdfdeb4633247c07f238

SHA256
8820eb0806a63c78581917a09b663021519712f2895e73bee467370df5e313ff

SHA512
0c241e8f24075a43c5d115c6f4672c6aab03c56012427199a8a81630648cf8de894a5912721ce63a3af4bec4fbecb1515544278a5cbc13dec4addb97f8629d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40668cf1ea4453c58cd7c4b440a0ce0b

SHA1
e55a50f5cbad95761fd4f426051eb04b252145e4

SHA256
9699f698a95469a56858911accb220a4385feef9995ec9acb5f3a4cd943b5d4b

SHA512
5f091d661e6d921cf696caa59bcaa91b508381cabcb59b97e4c305b125ddc3526385b4456451f253d54aca918c25d7c05bc594b717f19e794dad678392682929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
86c765f31c4095279c6b4bed094453fb

SHA1
89928a719b21dd11c4cded911016b301353c1a26

SHA256
77a47df7caae75cc84e76eb2db9a76cf762ec1fdb85b5750980ed06bc09b9709

SHA512
f8c7326a8a261bf3d13d9cbeed83c477bc613f23b6e639fb0fc2e66c3015c3b9f5e445f416355daca5b8ae82fec5d488cf75dfe59594292408fbfd0c7047f38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
82593d810ee487fedd256173850e011d

SHA1
9277eb1cfb925dfe5fd7b33cb562172081bbc8fd

SHA256
300671eefd1cbb22f8ddbb9d9af31f860fc9bb1085d3ba0782c554f5e64a18a7

SHA512
352922d7b32dd062754dd0a098b0e5a6c9e69a0c909e5c17a73279523a44a93a6da707818d040b534797ca02c2088d869b91f18b29137848ccbb50b2bc0a5693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0997c16db29ae6688b76b274498cfa9

SHA1
4c756323672a978713ebc756481e1eafa4a7faef

SHA256
4623e59a2e130c104c1862766e0621da4ee6553f5f386816fc18b8fd7d93256a

SHA512
9c26aabdf7c9fc6ed41267d3372109af30f08387f59599fb931b7a1ca0e382afe125bf4859f5591765af37de362be75f8c6c8550a1c7ab65321650d0b26ebd73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bcb49a06f394e043be4f9b13c0ed7891

SHA1
6fb557002bb358167c9b72af2ce77a9b058bce6f

SHA256
6e79bb5eccbe3c08a52b583a46c1385803afd7a66ab829d0d9be3be1323266bf

SHA512
dfae6a02b4772dc5de6ff78004163d6ec84af58705a45d76eff2075e0a6295866b3a935fa37c2e290edd491412921856755e3e7cdba2099e7c1e8043912a58a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
abe6592949f7b08f21bee0bf7d8705df

SHA1
db4f2b50bf3b902e513ce4dacff1e715223bceac

SHA256
fe045a0157ab50550ba63063ad253aa1d8f6f93a5e664c74be24808fe065e17f

SHA512
d7aad8a29aca4f243b6ea04ba28225b1baeb1277b978f0b9e7eda123861454e52fa8632d1a5e474a65e2797bfd45cddf5d85240a63c886e5fbbc7ee88514129a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e70249cb5a3a863142a9450afcb83a89

SHA1
e671eae34ff0e19be4cc62093b31a737b5ba1693

SHA256
4a6f53b5994615be3553ec4b874fce3eb5bc65e64295b71dafcbd0ba092efc12

SHA512
d04acb7ad7a0f091b50d7ba5dd752d459879e832054d6a9ca618d66a8a632948502c864dcb3e96ae621cb3099b575531d167d6d03ab14ddbff3127e437a146d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c2518978ede4af23dc7d62422bb32aa

SHA1
ecaffc10e029760367ec299b4a59591eec930669

SHA256
91bc1a25483366646544e76eb773994ec75bde1765a1d942418a5c56af1de7f2

SHA512
a298d30e7125a63419512905705d093db6b810fd6632aabe5f49d2146c9f49007a45ee6a40cd593baf3a920ab6fb250a02a0b697271efc8d50c230b07c414b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
660bd4e6e8972335fcf0fd5736fc149c

SHA1
f8960b761359f5ebb61eeeabd225466ed419ecf3

SHA256
f8a481117dadf6f861d4ea31b4cf24605d6a97e5457ac30451cae329224f1b31

SHA512
692c9544a8c85447d4ce36c90202d9304753b9b789272be31b33d1abce9cf41a80753f4c8f75eea6bb3f42443c5a822f7d4eeeab6a3022fbb71f96ec1603e3cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58173c.TMP

Filesize
1KB

MD5
7f8f0d225f653471ae05ca7ced37b1f6

SHA1
60612b7bff5c3af7eb3a684bd5283de3d4a21210

SHA256
c5f062e1425f0d9a7bb9990d59455156e8f5d82282cdab7c27b67b5066cf3e83

SHA512
c15af53698d5f13d4c2f278f5e7e5f0781604fa325580aea492fdedc3346b479cd26bbcabea6fc560f6a2d5c5a3a2310bdab520ff12bca207f4e82dacc9f6ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1330f795b586e814a401292ee61e4c7

SHA1
88d7ef083dba6f6d7c2463c07b49fef3b4358d85

SHA256
4184fa26d2b2c6eb8106fc43c9102df973cb5069e7412c5e3465249b70c8e89c

SHA512
0d0ea836e7cdda8f98487cd84ece53fa0cac6d2c62fda5f4d59601c53f05edb06af1b9ba7946aea5c79699ff49d2260fe1301d7b4ef47648396d8f4a6bc29cc6

Download Submit