hxxps://jolamar-my[.]sharepoint[.]com/[:]f[:]/p/jill/Eritfuq3V05IkfCu9NaKlMQBwsWpnFL0ntDiLN4HJgb5Ww?e=TmcuAQ__;!!P5FZM7ryyeY!XnLv9liFBA_uTs0c8LvdhZZJWfuW0qGo1u-DvQmun0HQdaT0Td_j3dvbe4VfcG0QWlSHtpClrmJ1pgul6w$

Resubmissions

05-12-2024 04:09

241205-eqwwfayjbt 7

05-12-2024 04:05

241205-enxpystpcn 7

Analysis

max time kernel
95s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jolamar-my.sharepoint.com/:f:/p/jill/Eritfuq3V05IkfCu9NaKlMQBwsWpnFL0ntDiLN4HJgb5Ww?e=TmcuAQ__;!!P5FZM7ryyeY!XnLv9liFBA_uTs0c8LvdhZZJWfuW0qGo1u-DvQmun0HQdaT0Td_j3dvbe4VfcG0QWlSHtpClrmJ1pgul6w$

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: GetListUsingPathDecodedUrl@a1
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
1228	msedge.exe
1228	msedge.exe
2076	identity_helper.exe
2076	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 2884	1228	msedge.exe	84
PID 1228 wrote to memory of 2884	1228	msedge.exe	84
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 3516	1228	msedge.exe	85
PID 1228 wrote to memory of 2032	1228	msedge.exe	86
PID 1228 wrote to memory of 2032	1228	msedge.exe	86
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87
PID 1228 wrote to memory of 2124	1228	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://jolamar-my.sharepoint.com/:f:/p/jill/Eritfuq3V05IkfCu9NaKlMQBwsWpnFL0ntDiLN4HJgb5Ww?e=TmcuAQ__;!!P5FZM7ryyeY!XnLv9liFBA_uTs0c8LvdhZZJWfuW0qGo1u-DvQmun0HQdaT0Td_j3dvbe4VfcG0QWlSHtpClrmJ1pgul6w$
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb01746f8,0x7ffeb0174708,0x7ffeb0174718
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10869131224974050867,221062850285369409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1
  2⤵
  PID:5800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8fc4753f-de1e-4093-8aed-2970fe6ae9d4.tmp

Filesize
3KB

MD5
2a5a1fe3029fea88ca7cf978e8bd51db

SHA1
06139e531757bd202d97320dadde9025a6178120

SHA256
a148f98e2f8326dd4c576fdee1d1c2969877463aa9ab3c0a4bc3e4c052efe22d

SHA512
495290fb3d6c131b48e149cd7030e3bd582148eca2874e9dae8d441c2ac31cd448a2f7c1ad8f05d593f8e4576f3c58d378d03a18d6c594d5029260b99ea96d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
38KB

MD5
e48061b164573549914439e190948500

SHA1
6ba0bcd37274504578503d87274659fbd4b47216

SHA256
eb7da0478ce4d9f3ea966d7fe81e057cdbd2ff0fd3bd9e80e410851ab947f5e9

SHA512
1d5b3b5980d8bfc31373fb5656f9d744fc60510efd637e14b8c4f63e6973fda67de2c4a33b832be54a29102dfc4e3304d4bce914d3100dccdae8358334dcd1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ff

Filesize
21KB

MD5
3121eb7b90aafbd79004290988d25744

SHA1
5584f1beb7b9e8ca11833035c9962b3ddd54f904

SHA256
6dbe807b8da91d549a49beec3330d795601ec0f272ea232e91121f3ed703dfe4

SHA512
ed25bf0b7c12742a7b71bc271364970508fb03a5096f42eedc360ce92205af5be0ac4eb0567585882d34629d179f9cab287839247c81f61d894360a83b28aaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000101

Filesize
25KB

MD5
b2b60f1c7184b15ebd6cb2a213c323c5

SHA1
8fed557ff6e49376f3a4bc56f95a548d6075955d

SHA256
dba7c93d3cf4806133d8fe211dce32aa12041fb82acc4591f464052714878fb8

SHA512
e1a4bb4afa8fa8c09e163ba9c0d264425378c8d50f212e2932a2b21cbb6983b566180657bb753681b960d02ca4dee73a5504d433c536e64da979cdf34aabb8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000102

Filesize
35KB

MD5
a729d45a65e2b9849159e08ef6fd5f12

SHA1
75a14f3e8ac5d4eca6ade8771c84f4f5328301d6

SHA256
11980ecd03e02439a6300eeff5dbf9a48bd52eebf14bbcc246752b0ce5baf223

SHA512
89460bcacbedba68cd7fe67e675c5dfd76e6c43d87ed13d03eebf4a66bc298c85f96605306eb879d4ed89bfe0e53699a11a09bba866226f767ab97203395a6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000103

Filesize
35KB

MD5
e243d03bb4bdfb80fc2b9c40863299c5

SHA1
7abeba96529b293239da5536d4260efa1e797ad9

SHA256
a8283e1b2cabd16be04a6cb0a292e532d5b74520123e09c2cd9deb9eccf2d1eb

SHA512
7bda56879f1873647edf1b3d18e468430fa9a03ac88e8ac5209e834de13b7c0fd195f684f7afde8e526b4993c1debcdf6373357b925b423afcc37d76ee5c0f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
3483ca392ef41f5772b1b572ff0e75b1

SHA1
74391deb83a833efd907802f1de838fe99e415d7

SHA256
784bd7e45bb3deee93fc2f42bf9b73a06358e9887a8fe3cca28bbeeb9f972107

SHA512
f84c06f006c940eab9561e9b5f1dc07041af0deac5b218610dec4979626cf0c81234829c01575b7d63243ab6316140365723b906fa5b49d73031acc07af9f317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_teams.microsoft.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
89111a0eb3cc0a25ef40f80b7f11bba2

SHA1
9ce3187e82d20e6af5dddadaedd2fd3ec0a9f3b8

SHA256
ce65a33d2c880bf6f90116c39bc5f498da7be823845f6d669ca141e9b369c910

SHA512
7374ef8c2f5d4ad98db592548651a2488cd8b01b5c1f42abdb3f9dd5900f4a5f176caed0412c956ac77e952871dd532fc6d3453482a00ed2b3f24788a93bb754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
294f3f6495c6ba6ffaca386e5e90cdc8

SHA1
fc433928c740bbf5471826321564a2ca239619f3

SHA256
d5c9c148fcb95a3af4f893beb5fced0537c7f6e4172bb8074747df1198941487

SHA512
131abc9d30b08b287db8e2ff988aac0b27ab25f317bb1704643fb5e396d774a4ba230940109750269ebd34a2d2b4263a0876e911d481281cf1e5cdeeb8d8f67c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3d0096980cc5c57ccc239afe1591c44

SHA1
e1f5487dd9e75c256598a79578617b3620f36357

SHA256
b06fcc08bdad77c637287727b4b88ce0cddddabd13689c7819472ec3c842e96d

SHA512
a2b47ef745415e49fa5a76a6c7ee75d8aaa5700193013c6ef724dd2e2729d3019e654f365ff249a177dc7bd7322934208b03b3b96e49c6b6d385c012fd5e3006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
00fcba297e67baff255359e826e89dc1

SHA1
c236ad9a14cf59ab1c93f693c6cad75eec40b820

SHA256
a317bd9332a3dac27aa5e59f1fa70e7cf6186835e3289c8b908399c65f32a98a

SHA512
588894b9e9f373e6fbc8c9a4ea619bd6f6dc8b4973613b459218179058ed4fa09157e0fea53944fedd37a6efe4af0a44bf52bcd8c238fbb103b4fd0d08624dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\735cc21d-60d8-4293-810b-319555a6aaa6\index-dir\the-real-index

Filesize
96B

MD5
eb2265b15d0c91c2441dab5a5dedcfc4

SHA1
ebf9e924e94d9bee491b45ec94151c849ed79691

SHA256
831586ab586e784dbac9268ae6b78f21aa4b1d5732e40addd90c12fbef180f08

SHA512
38c741b19cbec7833014f993c07c6d8fd4dfb7899cb202b591b1474099491472868c01b5103e6afd2c60cbadb67b99f215b78d9efc6a6350c15ea39fac7d0688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\735cc21d-60d8-4293-810b-319555a6aaa6\index-dir\the-real-index~RFe57f77f.TMP

Filesize
48B

MD5
8cf471e362c407abeeba4bdbb35ddbe2

SHA1
b85f86c5f011024aacfa7ea65cda3b6a5462efa4

SHA256
f31ad5be9ca082ec8360c41223a4b70a8cad2f8506c040b92ceefa9f88dd9336

SHA512
269b6398051d05a91bdbe68e1492f3da17a73e120cec504f4d718688c1bd351c5c78b84fbacefc46f7993fc1a133cd9af580a21a9f088d1794609105c9a43cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\98bd45d4-052a-47e9-b371-c5bb3317b389\index-dir\the-real-index

Filesize
96B

MD5
57aaea353cc44d90ad5873a470be6637

SHA1
4dafc5d2e6fecaff5a9d959878a38950c5773240

SHA256
167821977c1469462b302ac0e3cd236def5869e4fc9fe40c4d7648600ae672bf

SHA512
edc6de864749a6554ade6bf7e975084242c785951758d1ec954ff4511f6bcc3550f3f9685fe4b7b62bed61f6413329421092bca57fc91ded940e3d2432c32538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\98bd45d4-052a-47e9-b371-c5bb3317b389\index-dir\the-real-index~RFe57f77f.TMP

Filesize
48B

MD5
bd38abd21d3a2fb9b9ce3a0f58ef05d7

SHA1
90e8346bf7b703f26a973aa78e77e3184df8ca08

SHA256
2ba28a7177814cfcb6c283a1f73d21835f3e7157cd62a8d129c48f30f0bd319a

SHA512
0eb4cc0a26271a37bca0b661836f60d6462bd63acb769f5ffe64a4a4c091b3261ef821821811184888820066e870f43e17c87a455a519140134236290dfd74fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
179B

MD5
5966ea7bf569312340198a5fd30ba003

SHA1
2bede7f5c554306d4f9e93b01029cb314b69a0be

SHA256
2a1c4c1f348b11a18f917b10d182046c5b1d8a554407111c387b3e08d808f5be

SHA512
4187402bcb33a2703827baf38049fc13a2c2156d1a2f629730896f85dd70472685b03d96232be3e132547f3076cf2e8135d6beedbc5d1296fe565b2dce1915d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
175B

MD5
ae9db73c16267ddb1608f5c20ab5090c

SHA1
333ef5fe1bd2599281c1c5be0d44bc23e65ef62b

SHA256
197f1be48c5388d38a938fbe0c00019562580be0b11de4bef287dea6928714a5

SHA512
eb14fffcfd15478e9610f4ec27eb8cf50fb9178f2e27218cb5bcaa7efd740758af5e5d545a0557b521db51c7481b92b8ff46bd40da7e4390b40eea497265482c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt~RFe57e05d.TMP

Filesize
107B

MD5
1dd0dd84e2f36163bf4cacc86cbfb3b6

SHA1
7780af24f43a8fc817137e589027a49e463331ee

SHA256
302af3b62bada9d6289379918d747bad9d431b6020280f749b22c17bc0b44f3d

SHA512
c46c36fccb7c02eeb7ab3e8dd418ba4a553bb40ff2ad1ae5a8ef43e7b49c0678295b2e2ddf97444e7125e5ebc66410d04c1e88c5cb17a697a44efa0ab028ecf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\a14a3e91-4007-4639-9665-0fcda6ae665a\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\a14a3e91-4007-4639-9665-0fcda6ae665a\index-dir\the-real-index

Filesize
768B

MD5
baeb1342953b5e67fd6250d7775aefa2

SHA1
2a8b25213c65b942aab01852843b44f423379447

SHA256
885e81792577b4510287c3eb513747e74aef700e7d895b433f63d8a93ce15744

SHA512
dd30555179adebe6866d2033e1bc2f5175ba47331560af1b5351ce7128b6b2b321cc51cb001b9501a170db41b003000cf4070deb57789e7aa849f0c83b476d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\a14a3e91-4007-4639-9665-0fcda6ae665a\index-dir\the-real-index~RFe589a09.TMP

Filesize
48B

MD5
6c4389ad775aec2ae044e9b3e5cd3fb6

SHA1
b180ec21b3d4704a966fc628d56243f3e9cdf58c

SHA256
420d31ba59ade1a5a9f63a0dd7c2fbdbe1b2c011ef93ce004113a32dc0e94442

SHA512
bae0736d3d1c24506aaca8c8fd098a5793465a24fe52bf3ca5e1b98ec1ba7006e87bcb421dbdb6efa9b5742b4a47b3beaa28976fba0f38cc68c85ac26ee83fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\cf175486-cfa8-4ca2-961b-d2d66b18a758\index-dir\the-real-index

Filesize
21KB

MD5
113a042184a5303659bfb0414ae70658

SHA1
d233ee4c9a017cb834bda7339adb6575399f2622

SHA256
39dc742da30345cfa6ab3e66922c1cd2ea5f0ace9d22fb2c5f8dcaf53042b0a1

SHA512
0e4cc9abed1914c763d1fa1efd111d650f14e69c32658bb4f1ad2afcdf8ffc605006686b2b0ef20ebd3c91f889cc3b23eac9aaa51bb0fc7ee92ab6ce7fe88ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\cf175486-cfa8-4ca2-961b-d2d66b18a758\index-dir\the-real-index~RFe5898d0.TMP

Filesize
48B

MD5
e04c949c160d886a5e24f5483f7a9db5

SHA1
cfd621ed146d5f98a15f2d9f7e733d59ec4f3161

SHA256
9dfb0e67105653ec3167310446bbc7080addfe58cfba15501c252ed96ff9dc42

SHA512
4790192521670808c92514a0cc9e027f16937520fe42e8c1a8983032c33eb4b8bdcde64e735e1c2d279632503d126e766eb9d5cea0cf1e90277ce0d299403a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\index.txt

Filesize
173B

MD5
c02253a56db0269882e5a7efcf12ccca

SHA1
e3adddb4298e345d2ac45f807cbff678d16001e0

SHA256
9b6459e117287ac9fd2437e25eb2644838f0e8f6730fe8b8d43a2ded4b9cc59f

SHA512
dbfad9b26b6bef4412b9bc12ac72673c934973d3342c008b3576204daf39f7d75f4b0ff6f68ae911664a3c703863e560a33c7c57a3f8ec5b6d1af7372ce61d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\index.txt

Filesize
106B

MD5
4105c6b44c3712fe7ca7fc7f70da0638

SHA1
3ba82b37a244fbbc00807a290df45f642d55d150

SHA256
5b6e4527467cafdf4e23bb8f35c53937328f0a8045de0714ea86d3f7a1ca0d0f

SHA512
78ea748dc63d84eb21640f790cb925fc6083c0b47b1c9fa8d5a3dad1cdcf57119d85204749f852e83f3e6f9077c2c527bd4950267bb67ba68a375c81a2486dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\index.txt

Filesize
177B

MD5
7be3a39f4adb7f43b7cc585b2df40622

SHA1
31c9336faf6ee75ed5e5da9f96ca03a8801b0dbb

SHA256
edd7bf4074a0347f82c5b99d6945d9c9e2cc1a4d06fb0484d76ab8f3be7055ba

SHA512
004be7e52b87d87d58ec3c86e2d1cb2aecc396aad5fb5e7448f58b3850ff8c2c0d44ed6a8c30a5a5b2f76208df35ac3c74d9e68b1b3e9428958906454468e83d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
fef178f238adddfa665564b2d3933201

SHA1
f2c0c339ce5f7ccfa145b3c70d086d7bddb86fc3

SHA256
58801d7115686477a1fa1384e25920c44a0112e69057a4f3dfb99167af7a2945

SHA512
d5cd9dd3787b14df31ed930be7742d4f60702df9a1d45ff4f7c0e69312e60334b79ac2ef7e56e4137075fbf66b5788f977aac7889c6832d7fe74fe14caa92b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f462.TMP

Filesize
48B

MD5
7446c61558fd557306474d92f519a241

SHA1
dc89a21da989fb635e980f69276653892ce04980

SHA256
bdb955814ba4ef56933e89eba9919cc847e840187cd645924caec30ff3d46319

SHA512
f143dffbb23e93f3093e26f22ad14a5b2fef335ec3ea7492cd4c7c4b6700c5109415c0664afdc28414b0cc4a5e2bd24b9300e895bf5007b203e129fcab8bb33b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7dced4426314e391852f95f96ab0a4b7

SHA1
02cad0d60bcb041f6c5daef436c23f90d6349623

SHA256
068fd18bab15fd1e3ebb99b54be470bc8355d8fe4fb8f395c5107fbb1623d189

SHA512
4a253ab183dedf67994b1b9c91e72d9ea41fa9a15257b2b1b7734800b583085cea420e66a7cce17868e86c70c254ec00be41e35b2968efc4e4c6843a84fc6f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
043959f1582b175399f043df5c5faf0f

SHA1
36808c560e8bdf5275b5a9267f2ce553c2ec78a7

SHA256
6e5b91792b3e80fd49ecb0b673013279bb3e18c71ee0fc9eab3b9dd19cf33449

SHA512
8ec4c78ff1cc42126043ef4cc94583319cc4cc9a8bdaca336d6a0bbc4b6d05fa0630b76cc53e3673dd21c08829ac8891aef7978a769223d2feca16f0eaf3f6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7bec12e70cbcb94d82ad778a67b5dee5

SHA1
b714ba5e28a9042ce4d0fa4b81cea7cecf6c7d20

SHA256
8800405f5f870325dd6896ae5f49abd3905e7f291cff1a6340f392dc4f61b1a6

SHA512
9f89affb53ea30feadc546cf1aad617c43b8648d9dec6f944c25f6f06e003788d2f9384d486c4e1e5a0e3f3435c963cc2fd902b3a6217e8454a06f8f8a995a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e4d2.TMP

Filesize
1KB

MD5
c69f43d8d6a6410dc422e7fe47122d76

SHA1
0d6c4dea7b3d415173be7f623d8797a654a3bdb3

SHA256
fca28d86cfa07890e2d6588f844807f03e44e50b823285fef3729d4cddd83f67

SHA512
a4a8d5da821421a703da5eeba7a862a8fe6a9a36ca431d5513a4b3d96e70f6f41a4e9eae6e5ca67119afeae6a669af2ec2370371c2ef3dc8a10c843ab0bcdaf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
387a136c99f109cadfc82f80ec891dcc

SHA1
597dcebd36125c9bc87918b48d06e51233e944bb

SHA256
5fb32aa4c54fc2cef6a047ede80dfdded9e8c1f9a5454a054d985c50676b9aca

SHA512
9b2245fc30d7298e72616945f3b577da5e48a730a5e67cf96378f46cc0008474781203b17f18ccafaf3671aca6cc007b43879ca9e0757ff69b3ac95aef458bb0

Download Submit