hxxps://secure_sharing0trackingdhl[.]wesendit[.]com/dl/hKB1f19zUSBjoJ3A0/YW5uYS5sb3BlekB0dWNzb25hei5nb3Y

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2024 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure_sharing0trackingdhl.wesendit.com/dl/hKB1f19zUSBjoJ3A0/YW5uYS5sb3BlekB0dWNzb25hei5nb3Y

Score

10^/10

microsoft discovery phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook
A potential corporate email address has been identified in the URL: X@v
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4744	msedge.exe
4744	msedge.exe
816	identity_helper.exe
816	identity_helper.exe
4648	msedge.exe
4648	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 3976	4744	msedge.exe	82
PID 4744 wrote to memory of 3976	4744	msedge.exe	82
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 2876	4744	msedge.exe	83
PID 4744 wrote to memory of 4544	4744	msedge.exe	84
PID 4744 wrote to memory of 4544	4744	msedge.exe	84
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85
PID 4744 wrote to memory of 1100	4744	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://secure_sharing0trackingdhl.wesendit.com/dl/hKB1f19zUSBjoJ3A0/YW5uYS5sb3BlekB0dWNzb25hei5nb3Y
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb89746f8,0x7ffbb8974708,0x7ffbb8974718
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15744546712536634994,15528471613258146159,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
9d94a6f1e2cbe3dc8ab4c2398a073589

SHA1
6735303f48716af74a5862f0660715c7312cecfe

SHA256
de83106b113e0694730db22458390e815fffd1bb273bceb7269055d0dd77b537

SHA512
acf0f10b9f0ed4e8a02c386cccee3d1480e787a708508bbea1464733279e0023326ca67b7590ed891e58b087ae2cef51ff95b677df0ad427397975d407647ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
205486196e95e68cac6794114b644621

SHA1
0d8533a320fc94763db357057fac18ba880b6cdf

SHA256
5a0e3caeb73a18403e50678def49be04b18f8aac8caec6029436f8f68e0bce31

SHA512
c8ae5c653c3e6deaa37d73c5c0528ee4f787a4209ff64ec236501535df64ab793e002b0081d6320e64ee5392b1ac403c47aadd95336496884547b034c28fb6ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
71666e4c8c7b63e5d2b1edc1c918f1f1

SHA1
fa604edb9524de391b73c971c56e3862f3102718

SHA256
5bff3aad6f2fe4822d3d92294992b4e85460b4bb31fb8af36a63387df3f00039

SHA512
404c67f7368db7325b7e4e7a7e6a1b1df0364d369a2efd43c020b52b453aae693bd5052c692c64dd4ca4c8e3af5409cb8e7906c1dbf2a8ee3f481e7871cde1fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
77a63ff3360ffa9b0c3bb5f21ff2a2f2

SHA1
07e8708f9bbe373e004cde310fe82dcffc3ceb02

SHA256
5c0c0bfa60bde778e3bd6b0c2da8db1cd2dc71a7907af0b31f40e10575405af1

SHA512
357ac6c443e4403f65cd34721a51d939f5855681758260b4e3277b8d4801acb3ccbd2a0b50dc8ce5fb41807add0e9a1df78f710d91cbd71af0e2d972aa91eb67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
69924e65d238e6c550711a1a9800aee3

SHA1
414c538d2f9574cec9f46f130729043240418903

SHA256
838c991dc84ddaf79a0a93e4e1f532c503069e44fbfef9630e77b57a5bd1691c

SHA512
5407f9f339ef9c9b7aa3b0b9e6382decf77b367d253842ef98cbc7f1d229305f1f735a921d5f895e08b53cf3c88b6908a0ce6f594d0d5ae3f6fe1c2255f94236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6da75a460b51b0af3b87bac2a4e8fa84

SHA1
5c69081eced7ce7be008985f5d859a327a195118

SHA256
2c840fb36f0386e1caa1da510e86e9a3669bcd774704f35905dc68bd125d3d47

SHA512
fe7c0d0299b75047fb8b4aa39c8c68715dbaec1cb12c6ff22b880709e92802f621c768c07a8806cef1789089ccb41addf89f82a42d93d2c65206137ef438d0d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
62bc5b2571f2fc885af1759f3de89bad

SHA1
7f21d3f6d803ab60d5664d27a3296909ab3bb565

SHA256
a1b80c5fe70b9206f035143ec002d4298e72a97bd7615204fcc45c73e751e749

SHA512
0acd88e674f74366304d830849b225f00c0b22378ffc7f3d51d28921591d56dcafcf4566e7ce6558554505451b9fa96469dbbc6a7eac0e5cb9b1039bbf5454fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95c12f2c516c7990eb3a08191f23f256

SHA1
71b3a8dd6aa32c09df88cf4f4063293c6bb790ce

SHA256
b3096d86e24c437d55666456caac0ba999ebd757344d9c34e17f5a61457e2b99

SHA512
708520c5006515c0a5dc6f53210bd8d67ff0c9a04db2c718dbb740acb910c64103652b59c7eda01543ba159743bdbf44486621e22c801202f8faaedaa92ca12c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b5b767fe31d873bd8088ae9fe78f7c6

SHA1
5ae909f3ccfcb6316a2ce974b476d26da653b5bb

SHA256
f7ea2ec4f8257b57eb23046569f4beedce3b8bce936bcaf8958c201e8f6211b0

SHA512
b482d859f15701124dd014b7440d67d366526f8f72a4dcf1dce4ebb3382aaa4d2d10d56c666b1f454de67021274ac65dba3dfa85fde04a0418cfaefb8730ba89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1bf8a15c7ad333ddaa56fa2c7dd0231

SHA1
b897ebc1966087cd7540f5e5fa5f5d64c0833151

SHA256
e1d48f2e71401302c80dc78b0e4ef58e0a05ed4c69ab101d2b8ac4884fd231ac

SHA512
6a758382ea92720ba6d62fbd09b0e223cf935c0d4e3f12b6071c1a5f46c6250a04e2018e82370a2dd1694f425a8910be87ebae092385b9d6747495b9779f92fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3fdc4cda51ffb3126f0563c8ee5047fb

SHA1
08a0e61dbab41add5bc13da88b75b27d4e9e8b82

SHA256
cc44c45243ebd5df18e2cd6594c6b365e5a16d1edec3995ef71d66ecb984c79f

SHA512
0810597a23cdfe31eb970860a482cd97976391cb751ff0f4e5546e4593e94356ee0ef9511ac0636c338ba562adc1b5dd7d8e55493da4f93ecbbd784271f170d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580664.TMP

Filesize
1KB

MD5
155a45f1745dfc806bdcd652b9466db2

SHA1
28b760759ee84de8a01b9f8ffcbd1dda17035269

SHA256
312626a4bafe57707955ee1779121ba310a2cc010f326a6d64b0616a595e2fc5

SHA512
1b83639c3466a716e6dd6558d11dca605a08103eaed4dfdb19ec2769b8ff5669d0b014a32a4ecebb35f07c838b7b44dec9b3c022f446aa56a97e30d39a5130ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af8ab65655288976a97add306eb844ee

SHA1
94e00e4e449d4322d35b952e333115754dc16743

SHA256
404ed4bb568bc969e0cf41bd546661b11280690f6b7d12af1c33d3a758e089f7

SHA512
d773c305f878953992fe16c26815b541b83357c6be4df676cd3770fb1fd607e9bed81256079175b2186ad8255d3419d8ddb341dc96571d35efccb1690f3f6115

Download Submit