hxxps://zfrmz[.]com/xPJoND3NauejMEwcyOze

Analysis

max time kernel
128s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zfrmz.com/xPJoND3NauejMEwcyOze

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Legitimate website abused for phishing 1 TTPs 4 IoCs

phishing

Phishing

T1566

flow	ioc
23	forms.zohopublic.com
74	forms.zohopublic.com
20	forms.zohopublic.com
21	forms.zohopublic.com

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4268	msedge.exe
4268	msedge.exe
3480	identity_helper.exe
3480	identity_helper.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 3616	4268	msedge.exe	82
PID 4268 wrote to memory of 3616	4268	msedge.exe	82
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 2464	4268	msedge.exe	83
PID 4268 wrote to memory of 4888	4268	msedge.exe	84
PID 4268 wrote to memory of 4888	4268	msedge.exe	84
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85
PID 4268 wrote to memory of 3504	4268	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://zfrmz.com/xPJoND3NauejMEwcyOze
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb504b46f8,0x7ffb504b4708,0x7ffb504b4718
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,94980075966670174,9102425319361956429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
3f8cdca9ea7dae0d9e5e3e052495d6fc

SHA1
ff5ff57011390a7fd5ff76f4b28b5e2de2c2bb85

SHA256
b008785ae9bfea39afd825d77b570e38996e899a7a5484aaac43b26c507b0859

SHA512
441de5024eb5513c65105cbf0d8e4797b7947254cb10fec1fe9a45b687548c023f221af3c706fea549d1a08336d196168c085603bcf4563f0b46f578f63d1457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
e98c9afa5ce2b130d2bf3de15f67adc2

SHA1
61d48ac1c22902a8d0d8e823506b2d7b2c9ab80b

SHA256
c5ebebc9654f06b1a96b2be4dfd318bf86b56c462f4c66b45fd52e7c8411ea87

SHA512
6856c6e94dabd0e63681d5d1e9255755fb18eb97e36196b204ba8dc8cd31eaa10175705afb17cec2b3ebb0d77f8df4e6731288d42039076d4e160d246d2494fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
270B

MD5
28c04b9c5bfb7dd7f763735350eede6d

SHA1
b849f7ba2b0f2f778a64297a0e2d984e0a1d2439

SHA256
83343c8909e1e7c63dd6626cd94907afaf2573d2807114834f60297969f6c50a

SHA512
c0f93e3ab72d700c253c486da32d7c37fa998e835ea601ca0e3eb092dabbb74734010ec3a17a61101ea0f08b60046248930bd7f7cd5bbd5370695e3401b875ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
be518244c5120d009dcf92fea2d1866a

SHA1
20279a26acc1ff2352cd58d8ee087e7e08201384

SHA256
0d56f473d88b4ee2cf922cb217297cb9c4b7be965978a775acb548df54eeb8a2

SHA512
47076f32707c94da4297b2eea1c9fa43bfa910ec80604d7b134e2c22876cf0cc69803276de316e63b30699ebed0ed1816114ab451d99e99b4780d800bf6b4763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e5617e002bf1e09d5b90681a6f7aabc

SHA1
b97b46b7585cd4892bd4a42bcf0d278df4fcc1cd

SHA256
29b9d12957f973518298553bd536ac11e5d35f71f35c403234ba61f74ac05eab

SHA512
ddbacf5a25c9ec99350e623d31e24b3ea5ac306b641c1b7965bac6754a3f8541e884be8f860dcf0a30f1bede52c3ebae7ce2875e6decbe9c331b20b63e5b343d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
631ebdcf2dcbc204fe1ad4fd5b18cc68

SHA1
c8a0ecac405935bdf37ca858ab4b063d4f8b780b

SHA256
74718ec2f0f652752d429cb6b68bc8b609a1f2de965f83b77b2ea1df2192c4b7

SHA512
53cdcd3cc0a90b0becca25f3bc0c890116fc581e7b12bd8c888cde99da13bfbe290ea02ddba90ff7a24914523a3456f332cf59b451e204d50ebfa53e6299e5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
72e2951b72bb5cc219f2b9f3bdfa0a0c

SHA1
fab86f259cb18889bd161cb769641e931c08badd

SHA256
ed8c2f74d4ea911d98758d7421eaf19e33cf249156a96817f31b3e58b3fa9104

SHA512
ec2de40ce3bb7182b869e6635009e20991e48051c64c26a548acb53ffbbd6d81962f162db3e9dab36311f593d25bbe6750e8fad2326a7fccc64ead954dd38d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
397f1719ba16a873d6f1a146088eadf5

SHA1
25f6204314e3b2f230ae4d57ae458a0e930131da

SHA256
3b5b7e8f5d3162c8bbb01fe9b8b26181a4b245138623b96ebd892ed98f4b99b4

SHA512
fc67c5ad97958cab348e5fd8a5358d60f5f58e5037f418f890d006c54e006d04235a9f801e92382cc7a30473054979c2efb59a59fabf4e2643c3c5fb633d2de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
ac4d67cac36d5759a2fd8dd19d5893ba

SHA1
35f69956b6f5f1735d2d341c21591afd10123207

SHA256
ba0a687e168d628cf4883b8eddaac5a3ff76bf45eee9f32593c6a8b11881f83b

SHA512
2540da8700e52b2c55d34080b9b72dcfd69732d11dcb46ce516e35cb4fe2ae7e76bd6b336d5fbc769d540e3355ec2ca7b00020c3f2c967d668ef844b0603b6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f41abc9a67dc2091cd56e9be30957057

SHA1
4f92922ba7467edd3e54fe70e56a1802358c1d1f

SHA256
7342352756c58d78772b5a4e041743390ff2bc30d51c0d198c5577b9150657b5

SHA512
4e3bd995de8dd55875e570bbbeb00e441967b27a66e34278066d7d76aeff252f476201fb5ce7512f4b4a44b1900cf22c27261ed099bc56fa625e6836b2b7a12d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d34ca2575fffa47cda7c198ae00bd060

SHA1
4056330135dfd75770e14b29729bf978e62c3669

SHA256
2a113a2c112b5f690427446abbabcfafefab7d638f4df09b4b89263dd7c4f7d1

SHA512
8cb654da5076bc174306ea92fbd95c34338e60e4983ad8c30d9ac4512ac88c54fc5ba7a9f6c5b1f68c7b5a94cc9ed6883ea28bdae5719300b31405f547c9bf37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c260da696f71855148dc80c5b647b2c

SHA1
fd72efda9a321e2c2e137dc838c3ee4e74be1982

SHA256
2f6537bb0bece8abad9f5b5c83a13c1e866cff860a5e66e8b418fd516ef926da

SHA512
d34aba6b678eb863dcdc9333eb22da52916097c1771c68322e07ab0714dfd234a45751de8df76eb05ba2e39d550e346acd2963f1df7e7a7e32a67db4a2fed87f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592428.TMP

Filesize
708B

MD5
787b1b9e72bf26bc228d7d74f462490d

SHA1
cfc6e1d1fd735414cff513fe787587812ead992e

SHA256
44d8fb4428cb5a3e3cebc86d4be2d54700912bbc931520be00635edca53b1b72

SHA512
a17d4759adf2a3783a6de58b1784965f5a3ae1057548a7cc0663408681776448608b6bf5ec4d5fb62ff07606e8ff9ca11ee785e93949759cc64b7277d40a1025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc887ba486d68eb2119bb2fe807fc9ad

SHA1
c8c99dd7cbaa11699573a804fa0f53a16bb75dcc

SHA256
c21e31d1cbab6d6024ca40bb70868546c0bdf1bd3087daeeb00ab1ee13bd71f0

SHA512
cc2c192da065ee72b1dc353e28a67b2a32c061d98a9669b91b7876553131770e5a5076a75e86d30baea968b07c0a0cdb7e2f08336a8d53db486badef491c8d36

Download Submit