hxxps://teams[.]microsoft[.]com/l/meetup-join/19%3ameeting_ZDhiYjg1YjAtZDI0MC00Zjc1LTg0NzgtM2JjNjJmZDNiMGVk%40thread[.]v2/0?context=%7b%22Tid%22%3a%22b52ad4e3-d76c-4708-a759-ee32e9b081c4%22%2c%22Oid%22%3a%224ee462e6-271f-4cf1-b0f8-0b4c1b2d43ee%22%7d

Analysis

max time kernel
51s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDhiYjg1YjAtZDI0MC00Zjc1LTg0NzgtM2JjNjJmZDNiMGVk%40thread.v2/0?context=%7b%22Tid%22%3a%22b52ad4e3-d76c-4708-a759-ee32e9b081c4%22%2c%22Oid%22%3a%224ee462e6-271f-4cf1-b0f8-0b4c1b2d43ee%22%7d

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: 19meetingZDhiYjg1YjAtZDI0MC00Zjc1LTg0NzgtM2JjNjJmZDNiMGVk@thread.v2
phishing
A potential corporate email address has been identified in the URL: httpsteams.microsoft.comlmeetupjoin19meetingZDhiYjg1YjAtZDI0MC00Zjc1LTg0NzgtM2JjNjJmZDNiMGVk@thread.v20context7B22Tid223A22b52ad4e3d76c4708a759ee32e9b081c4222C22Oid223A224ee462e6271f4cf1b0f80b4c1b2d43ee227D
phishing
A potential corporate email address has been identified in the URL: lmeetupjoin19meetingZDhiYjg1YjAtZDI0MC00Zjc1LTg0NzgtM2JjNjJmZDNiMGVk@thread.v20context7b22Tid223a22b52ad4e3d76c4708a759ee32e9b081c4222c22Oid223a224ee462e6271f4cf1b0f80b4c1b2d43ee227danontrue
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{96233D89-0E19-4ADB-8F37-01202CBC267D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2156 msedge.exe
2156 msedge.exe
2304 msedge.exe
2304 msedge.exe
3344 identity_helper.exe
3344 identity_helper.exe
1536 msedge.exe
1536 msedge.exe
Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

652
652

pid	process
2156	msedge.exe
2156	msedge.exe
2304	msedge.exe
2304	msedge.exe
3344	identity_helper.exe
3344	identity_helper.exe
1536	msedge.exe
1536	msedge.exe

pid	process
652
652

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 3024 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 3024 AUDIODG.EXE

description	pid	process
Token: 33	3024	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3024	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2304 wrote to memory of 4924	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 4924	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 996	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2156	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2156	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe
PID 2304 wrote to memory of 2004	2304	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDhiYjg1YjAtZDI0MC00Zjc1LTg0NzgtM2JjNjJmZDNiMGVk%40thread.v2/0?context=%7b%22Tid%22%3a%22b52ad4e3-d76c-4708-a759-ee32e9b081c4%22%2c%22Oid%22%3a%224ee462e6-271f-4cf1-b0f8-0b4c1b2d43ee%22%7d
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb03046f8,0x7ffbb0304708,0x7ffbb0304718
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13189328940689306952,16423751343117191056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x534
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
350eb51cbfe23feb9d9027fed02eb812

SHA1
a0d9b6f997879000c3d22e47eac410a7783168d2

SHA256
b45ee30522f8d0e0462db90dad27b955c6d13718c8eb631eed8bece28f4a0227

SHA512
16cc76ef9cdcf920923836e79a94187e4518b35bd50ca920226002f90a360d7ab562f40947e9e4e01b99154180750beb2a24c602ec9cd2e67f896145698c0557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
e287d9a9f923686330878fa6c03ca8f0

SHA1
c4b540f9cacde0511576f451c06974e7d8b8a260

SHA256
69e7aaf284142b24283c98a30e0aadb62802e117bee6809d6c1fdad8e43c3667

SHA512
8568425d3edd0255da689444800330d2eadceaf51f44f61fb135eb47e986b3e9456d61867c1663e7d80d7580f5cd245d2b9b17da56a674d682f5c57899ae59e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f6fb8259453b7ba7c03b7a7aa72f2b90

SHA1
8ff574cc102a0a06443da69915f1a5e0e8d808b4

SHA256
114dd668416e4535032f86c3913c81a5d4e169f38b841c198d7dcbdf8f42d929

SHA512
1b78762a5698a8fbc357b669571409cacebd1dd0b8f9eb84c5bde6c0c14a9a414bdd6590d7536106d17a88af1b66793127c06a86f73f7e8abf46697cc3b602f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
11b6553f5deedf0beceed6464e017a14

SHA1
c06447ef8660f2fdb83c2b8ccdd7de47ca23f273

SHA256
b70f54dc59c6c3f7ff94a2c3e0572f5187cc4e24cc81dfe56fcbaebe8f7eed6a

SHA512
9458e598fb1385b8745eabfe40ec904ffcf5713d71fbc117547eba57ec30a5a8429eadd4ccef5c0536c496b9d07b726ead50647b832022572fce15b585f79107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a75d9c21d19fe27510d40237ea24685c

SHA1
17b9344f6bbc00641dff754ded5aeadec64d386e

SHA256
cb2b128bf5f52335a12a9b6244eec864b661a81b6cdbeda486eff516a458ffb5

SHA512
3b5bfb1aabb54c22f413c3633496e0cab32465bce03954692ff1d76c754dac377e28e77bb8d616a7c363ad2c4d510e195cba847ea7339d0e8fa127242c87c82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2687f74a5c998ddc62a72708dd4fe30f

SHA1
071cf76881b077024abecb7f1e8fd315ce8facaf

SHA256
546fe29235a1241b87b323a7e1e8ef21fe0d6de06b7ee032c9ee455773ede772

SHA512
2b573ac5aa27cd68fbfccc3eb881a8a37a3e9eaa8580434a793de6bc7226e8d5a0641b8203bb84707f866e323332bf1edbdaaca3244024bc0d383f7ce9c2c102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4f6b3cb273cfc143c75893aa0f039cc

SHA1
f749dd59a5ef463d732b9a899a11e20167f00c84

SHA256
068d1dfb7d44fa2e1d6a077f0a423cd6bc897a96367b40f512ab549e210e7624

SHA512
1b65d89e0015d7377bdd896828bf80fcaa0c9b0dc2502cdb6523357df2ee83d0a3d91f4b3c45f520067d7e2285ef3aeb7a21d38070c7df49ee7670e2d7ce8d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\221042b5-a18d-4638-8c87-16d590b2a438\73cb100cf1fe8262_0

Filesize
4KB

MD5
ef77a4a6e98e6f869e967da5e46d4dde

SHA1
611c8d2391edb0f02900d5ee6d5683e213fd5d75

SHA256
6a37bb96e0e23eac187dc1b949f87045b2b732f1b90e58074e132188d7eaac2e

SHA512
076ee59e143bbb4ad40a87642afa5ac50c2f589b80b5e3baaa419c6f36bccba032c8dccbd4028fa468843dc0c32bb39c05ba4e8b519c628e04d3784389121dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\221042b5-a18d-4638-8c87-16d590b2a438\index-dir\the-real-index

Filesize
96B

MD5
e74bdc9ee44fb31831107d1dfb294196

SHA1
d91bb5714e728a93726341e5c253edd2cd6c57b3

SHA256
07fdb6f4d2ddf403059400e1b9ae55ea1b734b26604ca40800139edf367f7088

SHA512
a2b120a91fa34812c78979387937fa95c9ba1753e73a6dc88df163743a8fe84ab39f540aa35c64ec10c20cc94e931c73112c1498d5264a50a68dcc81cffe9b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\221042b5-a18d-4638-8c87-16d590b2a438\index-dir\the-real-index~RFe5859b4.TMP

Filesize
48B

MD5
da95e850b5ae1cc447342553dc8a2657

SHA1
024b31f9c8949cf058e25cf0f25d60516fcf8138

SHA256
529fc874a5f36570f2530b61fbd124df9d7926493ba1b3a555b0463d98e93ddf

SHA512
e9039df3b2c169432529fff4192d073521ee444a0cb2811b4fb4127a674c3f57de4465da79c9dab5b3f666691352c30276051910075328e3cc0e700f1031a76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\54d6e5a6-9635-4564-9fa6-6765aae135b3\index-dir\the-real-index

Filesize
96B

MD5
f1f11cc7d03ba5188416d5baa4beea06

SHA1
a32805501695cc6b24641f3ac1a12a7fa54c4282

SHA256
7b11d9a76d65624e133e18545fa26bac7abe375ef16ace19b941a9567ee599c1

SHA512
c9ab03d8da78e6924a53fe9fd313f1119b8ce0b5c0dd316151b3562ca9ee38334c17199062cdc31d550b9d642c41ea2ac2b3f5fc00477e17cace0152e6deadf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\54d6e5a6-9635-4564-9fa6-6765aae135b3\index-dir\the-real-index~RFe584764.TMP

Filesize
48B

MD5
fed6cc70ffddfc1f463b119c626284ec

SHA1
70bbad11aeb7dcb4f84c0928f702267187fb46c1

SHA256
9fd313ed502995c7758191c9eff0e46fe1f5961e82359fdaa962613164b55201

SHA512
6f3f544a06030e14f34e7e0f8198b246757b297e99e007856c6cd9f43c8566ce25345270844467a0909e5e80f7b8be360b5b0a1dc3bdec1aedad3fa760ceb0c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
107B

MD5
7485e43eb33646bdae40f5a2d9a82110

SHA1
d3604349506bb0980a8074d3a505453775b7303f

SHA256
5cac46fa4d8e908d83c62db23c9f9768b02afdb8704aceb8e71dde0fe400d4d7

SHA512
cad67c5521b2156e1431156c4ae1d2e10b3949c401f56487453aca420eeca8f4884d37ded6835071b585abaeb50a6448bded403d6cb4988436b306453952d09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
181B

MD5
9cc26fa6d0d3fe7e4dca50b54a1134d7

SHA1
e04919ab6601c75cfd089a58683ea383e2bdccf6

SHA256
a3d8ba0d1ca959cc18315386e639d4d9112a1609e82c65fbc9127e0ab8360ca2

SHA512
71bcea249c368cb267587501d6ebdd56f19d7e88b792645fb71b0968e6d6d8434dd5faaa24d196db0290bb795fcb270246c587b066035840356a9563baf76456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
175B

MD5
ea7e7c3941ec2823bbdaac055db30f93

SHA1
2cf2c5feeac58614fe59a625a379e952a43313af

SHA256
34848aca22e7f9360f8c82a6e85b69f3a15f2ebc20b110a74d40c54433852baf

SHA512
6f05f403c585b116719a79aad7302a32e45ced7ad8c7456d9f6270fd2832d6fe3ee540d31b9675596edd556ac26a20020668e1ea7e2ae75ead6626bfdf332b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
806a14bc14e02e541175d0997f9f3d93

SHA1
d06bc5b2b9032119f6ca90c45b55bc740844ec78

SHA256
59ea00c9f00355e1a16b405e34704dbebc156f7b7dab1743c6c397164cf0feff

SHA512
785cce94941d472a35c3976a702ddefb869a6200502f9595dc6bba4e87e519511b3c8159fbb728498f0292aa395975c4350c9110f5017a7b8bc9f76f4c7a56dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6b505521735314f06348d9ef5fd61d28

SHA1
430fe7358e3e4851b1a4ea408d7951c1d8b57e90

SHA256
49e35969bec9a90123484f325290f0ea7902a0048012af5abb1cacf31fb319f3

SHA512
c741eb595e01b41e78a861f8406d53549c9a04cd7b51149f7fa4e75629208df29037d7beae61de81aa8d7a40b34249730548c944afaf9e6537897c1daac96c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc73f86a82a108a4298bb4fb92be34d4

SHA1
627e797de684ac48bc96487873c03a5b8c4273b6

SHA256
91fc80fb66ede47a637ce95e722b5163ee118d15ad4fbe7c88584e67278628b1

SHA512
60d117049a22daf48eee74203025168daef0157d82c416991e3929c6916f337333fdf858f0f973e2dc7cba655b378c475a706175c7aab31e8800e7f45f3fedb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582ae3.TMP

Filesize
705B

MD5
b1044fb3810b87acf9c0d31b8af70ca2

SHA1
d26ce88f64dbb7c71240652ec0f22afe91a73e49

SHA256
e85edd3319041d220c0c79e9ce5e05a698ada962f1b70f7824145f9b7c608923

SHA512
125cf203edb856d55807ad3f17b790efe5dea26b93d6e88c69ea54df6a8b357c534a838aec82d77d3a01ee26a975fdf49eae37782a81cca9e41be5b99909ee46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
adaedfa15607db317865ffe89c41a042

SHA1
0b49eb89f446463ffacea3c894fcf8100010845a

SHA256
cba70d883574bb6c7c537e8f507602878d69faaf539b125d24543f864bc54ee9

SHA512
e1bb45e963b971225a0bf5a7c7546f53fb751e54c93195e82c16bf7891e7500ab435c8beb64741c06201ee5a666935237373ec26957bed6f5a0ba50c4415938e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e35a8fccd5e06729260b4927b463b21c

SHA1
7b61e21723457f34d4883f7de2344d1e5e46e2ac

SHA256
d058b267bc4f83428c35a28ee158e428b2b799108e0c8cf1b373ec53e515ab51

SHA512
086b083502bc48f289f5d1220909ea1978e6c3b8b30aa0c440995ac10570aef95629b9417f979b6383def45a427ba263f09e25e289a2fef6e174f7bdc55d5138

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_2304_MXDSJNHWGWHADAME

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit