hxxps://theoggroup-my[.]sharepoint[.]com/[:]u[:]/g/personal/rohit_theoggroup_co/EW1S6u7eBPZAkl8sn76CFW4B9_fhjfgaN299JnYAgaQ9MQ?e=CXhREy

Resubmissions

28-11-2024 12:17

241128-pf5eyasqfr 3

27-11-2024 17:40

241127-v82seazkgq 5

27-11-2024 13:13

241127-qgh4rsvlc1 3

27-11-2024 01:47

241127-b7271azqgs 5

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 17:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://theoggroup-my.sharepoint.com/:u:/g/personal/rohit_theoggroup_co/EW1S6u7eBPZAkl8sn76CFW4B9_fhjfgaN299JnYAgaQ9MQ?e=CXhREy

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
4016	msedge.exe
4016	msedge.exe
552	identity_helper.exe
552	identity_helper.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 4656	4016	msedge.exe	82
PID 4016 wrote to memory of 4656	4016	msedge.exe	82
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 4208	4016	msedge.exe	83
PID 4016 wrote to memory of 2100	4016	msedge.exe	84
PID 4016 wrote to memory of 2100	4016	msedge.exe	84
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85
PID 4016 wrote to memory of 2320	4016	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://theoggroup-my.sharepoint.com/:u:/g/personal/rohit_theoggroup_co/EW1S6u7eBPZAkl8sn76CFW4B9_fhjfgaN299JnYAgaQ9MQ?e=CXhREy
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc36c046f8,0x7ffc36c04708,0x7ffc36c04718
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18214239674011940196,4181154147309138559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\55f0b1c2-57dd-4621-91f2-6b51e17cb306.tmp

Filesize
2KB

MD5
20c3702684d40cfbb877957f3d715eaf

SHA1
104b799ec5579ff4f3f167019de07dc397c3ab6f

SHA256
9e2c25fed48cec07c630e33287a18c083f891d3bf21fe66c8694c8a76957edd8

SHA512
899a5c2ca4029190852ddfe1d1e25b54289d41af5327dce180ba208a2a3ed64b9d406ce4ebb345bf9fd526e4048a29d7e5289a9dbde627bd98044163d8506cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
672KB

MD5
3e89ae909c6a8d8c56396830471f3373

SHA1
2632f95a5be7e4c589402bf76e800a8151cd036b

SHA256
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

SHA512
e7dbe4e95d58f48a0c8e3ed1f489dcf8fbf39c3db27889813b43ee95454deca2816ac1e195e61a844cc9351e04f97afa271b37cab3fc522809ce2be85cc1b8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7ce5b7982b1c59e8ad8820116f70ed73

SHA1
bad83c2a3ae3853899d0068e8881c26ee3a35ecc

SHA256
b232d12fff5e53133732d0d0233c64a070b8a3c511423ec749d8586680e4a5e4

SHA512
7921074f719161001e3567321cb724a4fa776c19bfde0e8ef6833d49ae2e6bbde70f985490dfc2324e6931fb9ee3716a94151947d02ad3f301aeae94e5c249a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2eb7bb53500678f9ad6a184cb6c0572e

SHA1
ece6fbc09b31644478ea2346836baf3cdf058edb

SHA256
521d4ccb13f45c9d41d595496471961eb06bb8fd371a5758a15c87e718868a3c

SHA512
66e7879a27dbb1f3238fd52e39870ae62abb66597d1a7723cc1dd600b936c7d1b32f0bb380930199e20602db293659a0e8f9383344022321dbfee95a1092951f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7e9fc25e116517015dd3fcadd32afc95

SHA1
e2e95d572291a1136f4ea2910a5f29679c0ce1c3

SHA256
519f08059c75b2cf81cce34582d87674291ee79a027b85b396e673e59adb1590

SHA512
e4c926a2517181dbc4320155998c059a50a1a4d1bba90407b0a3f1319c249df9df7f2be6467e9e9968c5b3e46147f9a44793608b0c7fc258bcf60fe5db7508b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b03f021772ab5cc34a8354cd0b07ff6

SHA1
8fa5ae3024fb493972674aee820d8b9f5a5a2000

SHA256
3fc25c032f1e3544d67f02efea224db08343297f0e73a2d4ef866ca177e58345

SHA512
a9086e16490bd4f925c0f7646e6f173004f0cd86618fd4bc88c46c0b52a3ec0d92cbff1908a714c5cbe89b4743ca4c1908ce1f7d66a168880021887bbdb0d2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f98f365457a4850c24fc0e1c1fa32b13

SHA1
ead7f695e6977fd1c14fc493a81f99a9805e1e96

SHA256
2f8a5607aba7ca56ee3c4a76bc461ec317029f261da5aad3d4b82f8a0f2dc82a

SHA512
eaac722356a98278b42dbb65b89a1f8342e1555735c376388bf26b408bf42eac60c05ff5e138676e3f7d07f810cfc373e2bf1eb3435c7eda8f0b0c2caa76bc5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9e0409d037b6128c3d072abfc059450

SHA1
b3b58c4d68e9ce2dedbbbacc9bd6199ce0905e77

SHA256
0ca3087c2bb04f7f098737566d9aed75a596eb51bb5a9ccc9e4ecb26d60aa43c

SHA512
8e6e18fdbb10be0f6d8d17a2bec5607a40540b4ffb333597e92ca8274e850c0ddc4f7924b828ccbb3af82c7079c031a2e84e5c6b2f88f93e5e33998cc892bc07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9751eb1258d1b8a9921b215073e7c5f6

SHA1
4c5b6a9839ee7ad4581046d7acf7226a727b5781

SHA256
87801ce1473cbc3a483792d89d9095fbfdd495090b30cec3ebaf18615407eebf

SHA512
09109a77ef2d48779c30b0fbb4d2af9e3819d565a43293390b2cf398cf8bf66df2b62c9a0f0fa164d5da82d37ba8cbed66af66c7f215a8d4025d99786015be69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
35cea1876e20444c1b83aeceeea6053c

SHA1
4f71594b31eb81f513ef1256ee16adca2dcf794b

SHA256
ed2cea40c701e998f505472f0d60ecc25074c17ff45f66a8c652a801af88eb9f

SHA512
b59c0d8311f4f0ce692426b9cf0188c8888134d4693ff941d149927d4db0abd3a3411693556a4ce443b55e89df5d7f833b0d7667476b128e2ab1c89e3e68f152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
36e492297844060f77fbaa69ca6e9b7e

SHA1
06f3523f57da5d21fcdff101d36eb06a55aa5e1a

SHA256
78a5df438a14af6264d394adb5108ddec9dfe36606a495ea8fa0c9a000c41cd7

SHA512
4fcf7220b19b5d6dcbffa2aa0d47df19c747db1b61d2e690e279eea27dbdaed85b6332af6c6b922dd968e140101a0735fa1ab8bb42c3b67f026aeb4530c5f3d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
029d7fa976d696457f6566383823d1c4

SHA1
fbf5793c0141c30aa85fbfcba4f7640aa46c79f9

SHA256
c2edc61e0718a864e12de0c3f76b95ca64737fd8155873889c5f489b3051f394

SHA512
a751743ea0637025b2ea7da55ffe77bfb9fe84a22e4faffaee3cfcfc449305db39731cb759de3e2112680a5c7d57d1e275bf3d8431fa1e8fb4cbe6e31a85e17a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6992097728e60568b1d89aa95fe4d7b9

SHA1
bdad434afcef4d9130f724324aa655cbbcdbfe4c

SHA256
2764101c68694a51e7d76ea173eab77555e35b3dc6c677bc41c77c6eb9570aad

SHA512
4316e19a0c4b0c7fb964a825a3525a065aaee40e22a2450b6d80f5a6f357c4be4dda61fa8d6b38b8583a9c8c41f5388cb6b676f5346ee1e37af4cf8624bbdabc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f8944ad8acd5e4827c20ebac12ee9e12

SHA1
35b9b103454ae7fbbf75485415395639b595deaf

SHA256
4bf10672f81998d5ebb7a4cb6ada3b12a5a2ed118299bdc63fb3899a41f3cda1

SHA512
a68aca0773810e67708bdf803f13f22848af3a2f600c9fa2b63adfda425cd2a4121ab3654d7f5196a3640d8f54d280cabfad5c0a734320620f9569d9bb529a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d764.TMP

Filesize
2KB

MD5
26cbeab00fcf1390c033aff0af56f1fa

SHA1
3ba5a1b53216bae5fc99c8c79479830a9523e2d7

SHA256
75e1c300f37bdd15c2ce22525208fdcf877a3b4d451429a3fcbf40fecd9f83dd

SHA512
fb7ff0c20aec007d8adcf2b5a0159006ab517ec78cd6494ea98faa8ee5899d24154d2b0350acc564e6774fb68b26cffbe32f63221cf0381d9efcd32d083dae37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4fff4ef774d7498c8af2bc31f08b62fb

SHA1
937fc5d001a7ae18f4617be1855450d8087db7df

SHA256
eab8c6a9bc28ffea166617d4e39004e6527daa823d641b658de8c849b0bb11fa

SHA512
c23453349f8ba51c66e96dfb0355e8f2f0f9627958f3c198771e8b1a6a9ec12c9087164cd90eaf68555ca4d628642861b9420f05c166637fce6a0dcd4cfa6dcd

Download Submit