hxxps://hitvt-my[.]sharepoint[.]com/[:]u[:]/g/personal/artur_buss_hit-vt_de/Ec__rpduiMJOqVL6CUD5lLkBRbyzryLcU0t2SiKsoOLwAQ?e=0cT2z2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hitvt-my.sharepoint.com/:u:/g/personal/artur_buss_hit-vt_de/Ec__rpduiMJOqVL6CUD5lLkBRbyzryLcU0t2SiKsoOLwAQ?e=0cT2z2

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
3472	msedge.exe
3472	msedge.exe
3916	identity_helper.exe
3916	identity_helper.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 3564	3472	msedge.exe	83
PID 3472 wrote to memory of 3564	3472	msedge.exe	83
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 4164	3472	msedge.exe	84
PID 3472 wrote to memory of 2808	3472	msedge.exe	85
PID 3472 wrote to memory of 2808	3472	msedge.exe	85
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86
PID 3472 wrote to memory of 3536	3472	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://hitvt-my.sharepoint.com/:u:/g/personal/artur_buss_hit-vt_de/Ec__rpduiMJOqVL6CUD5lLkBRbyzryLcU0t2SiKsoOLwAQ?e=0cT2z2
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1196683668355553551,5777015252183859882,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d03e331c883cee71161cbf79fa234e88

SHA1
64d8bedcafdded5444fde6547de693151395d684

SHA256
66c7a21aa33131b2d3cc383d1f88de4ecd414f612b91ce0604ec3d2dbda350fc

SHA512
af67ff504337ded29c0255ca669125308ed9b4695951a6687f8e55e7eeb73ac7567921f891637b42b6b2e6a2cb1f40eee2bc1d5eb6ce0b4345b2109632a841be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a602c2daf8c923173ae5ac944d114ec0

SHA1
8cf9964a700048263ce6361933a91eba676d6cf3

SHA256
ddb6c3d0c7326bc051cea91bc1133d49ed61a97c03a5767bc82f72d824d4b96c

SHA512
4b4be7bf93b26954083c53b7b2571e7773e32f6f604db218a8065034624096fc27c5651ed6214341cbf79286cfe5cbb8b25c5fec4756f992e9302eb82516a301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81be3d59040e56f56868f601589a4814

SHA1
827d770c9f7f9a9beec229a48af9f793b4b8b482

SHA256
cc151fc3d6df7f64a2563f640fa65303e8f1543ddbe688d76d847e0004e21dd1

SHA512
cd5af9af99e6466871ee81a6d7621adce06f5ff3f78b7cc266b70ff374645b40f254610f6c6e68096a6abc89aafc4d69f05a7706f508cd6c7e5cf2926407fce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b20c1b276b1e18e8061be33e7706567

SHA1
35b91a9d07145153f686c540163a73f0fb544dcd

SHA256
865691514ad267709fbd542c7a0a9ed1b41dee0719acc60386b6db58a62f026b

SHA512
b38948b3ba236ab9ff9b547ae970a0b320414b448735fd87570a50b3b0311b3d9e192fd3ec3463f2b778cec77389e64f8a422c872873609c90986939229f7740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06c662f73849c8e2f94439a21696881f

SHA1
ec340ade978501361ca4d784bc376b388b04dd16

SHA256
3dfe3f3d6cdab0aa3bd5d152d729b89fa2a739fa3d8dc8334e6ca9becb243e42

SHA512
4924040e9c8b8852353e3b0c71afa29fdbb2446fbcc5c779d6e26540aa1409a7178139a9c45b564850371c29aa72ff87aca76bfd71859359ed82c6f2bee7e2c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
adb8a417e1f173ba4177327cf7fdfee7

SHA1
da06b77902828837c9cb9f76afc0221220097a6a

SHA256
2fddaa29263b1acb825a88b40ba931efbbd1de7fd98a16bb5caa8123f5e81cb2

SHA512
a0e7ced60ee75805cd6259fdf6601399f11851629c6ccfd07d23ed66ae1f3680553b325b6719e4bc4f26875e4243a409eac2f46868cac7689cb4cbba1ece4499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cb0bd1299f064c885bd86aca1ceec714

SHA1
4b999c0e3d66f17d938b96a131888b1dc19bcccb

SHA256
b5d6a409114172eb793a14662abcf4e1d505b861e93d847acbebc7b2b431725c

SHA512
bd21f880d945beda77908255cbf6f8751e0564a3e0bf70c53c2fd7e1956e0e5d0c0255ac2b6f6f4c6e7b5dffe6bec4bba02578f9976d806a316a76d13c17f5ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1c783fe529c1824eefdad68fad7c7100

SHA1
53d92d4ed0eb3d61b805713c639b0d429013c123

SHA256
8f3499f94ebd6bf3202bfbae5f739c976984c29229e55f0048c667eed910a141

SHA512
15c98c447c810be77267e03951a0b8876b8abcd6fa78f9a994169db53d8495cbae5399ac08f3a2c27a86c460670dcde7021e4f50c21c6dc8f8c0779a65d50240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
98f65db17148ffa8371d4df3cd329241

SHA1
440bda4dcf9d75a01c9f6f49ef1a3b696dccd09b

SHA256
c388fea41d8e89f193dccfeff127ef7464c0f72d325fb2328b1d40b8f9fe0f69

SHA512
53568269b0b9e1a6f8fd78f88a799e5d3c5ef092b58856fc71b05cbff14eb6fea5bcb0e2989e204b46f1925f11642ceaccfd76b7430b6eaa3ce6dd6220e2f3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
299d1e0257c68fe43bd069a60f3b06de

SHA1
681bd2a525005439dc8fb57711ebeba29d68bf16

SHA256
9937a1815a799ec3453c389ea672c2abb666986fc0ec23769b693edf206bf6f9

SHA512
e3125faedb466f64a934b9b50a9b8b4976597bf1c9ae3d7a4188a98105808d0b04884c89097c33c723c102e176b3dc73229d6cd817780b77e92db258eab0f18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c66d.TMP

Filesize
1KB

MD5
045f90d48802314abe950c9b68ec3b77

SHA1
208f556c981e2432f25dd961f69ce804fd659eec

SHA256
481a4c73fe45d938f44cf3a17e011b376ef74786dc7d7fab29c69f5f4dc66822

SHA512
bbacfdcb2dea0cb1cd57c4a313a64b1996be79175b8cb535a26b95713fb5b6edb11ad74db899a0926d09d194e2a02f41c859e51f52b1cdbd2efb50655324850c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
61596c544853ca8c01edc70728841f01

SHA1
47b032f434f056685c2cdd221212719d32c44e4a

SHA256
bde66b3b8e619aacb1509db5cbc22546ffa5f400df65b510ae296eaa3c5bdfac

SHA512
2c61ff001c51547ff6b4154113195a85bc00d60bcce7e1d9b797a6f5cdaa1e43092c5c1779fa1d19c5740c735c16dc044c732ba3a5faa415e85a6b6d91b4a57b

Download Submit