hxxps://landexpressusa-my[.]sharepoint[.]com/[:]f[:]/g/personal/securedocument_landexpress_org/ElgPn7aHsX9Aj69JqgnU1o8BFXwJNGAbtMIYXlWq1MP91g?e=BIfzzY

Analysis

max time kernel
96s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2024 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://landexpressusa-my.sharepoint.com/:f:/g/personal/securedocument_landexpress_org/ElgPn7aHsX9Aj69JqgnU1o8BFXwJNGAbtMIYXlWq1MP91g?e=BIfzzY

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: GetListUsingPathDecodedUrl@a1
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4768	msedge.exe
4768	msedge.exe
3684	msedge.exe
3684	msedge.exe
4604	identity_helper.exe
4604	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 3556	3684	msedge.exe	82
PID 3684 wrote to memory of 3556	3684	msedge.exe	82
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 3060	3684	msedge.exe	83
PID 3684 wrote to memory of 4768	3684	msedge.exe	84
PID 3684 wrote to memory of 4768	3684	msedge.exe	84
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85
PID 3684 wrote to memory of 2364	3684	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://landexpressusa-my.sharepoint.com/:f:/g/personal/securedocument_landexpress_org/ElgPn7aHsX9Aj69JqgnU1o8BFXwJNGAbtMIYXlWq1MP91g?e=BIfzzY
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d0cb46f8,0x7ff8d0cb4708,0x7ff8d0cb4718
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9728462976635805436,2122515557164049255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:2460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
38KB

MD5
e48061b164573549914439e190948500

SHA1
6ba0bcd37274504578503d87274659fbd4b47216

SHA256
eb7da0478ce4d9f3ea966d7fe81e057cdbd2ff0fd3bd9e80e410851ab947f5e9

SHA512
1d5b3b5980d8bfc31373fb5656f9d744fc60510efd637e14b8c4f63e6973fda67de2c4a33b832be54a29102dfc4e3304d4bce914d3100dccdae8358334dcd1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

Filesize
21KB

MD5
3121eb7b90aafbd79004290988d25744

SHA1
5584f1beb7b9e8ca11833035c9962b3ddd54f904

SHA256
6dbe807b8da91d549a49beec3330d795601ec0f272ea232e91121f3ed703dfe4

SHA512
ed25bf0b7c12742a7b71bc271364970508fb03a5096f42eedc360ce92205af5be0ac4eb0567585882d34629d179f9cab287839247c81f61d894360a83b28aaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

Filesize
25KB

MD5
b2b60f1c7184b15ebd6cb2a213c323c5

SHA1
8fed557ff6e49376f3a4bc56f95a548d6075955d

SHA256
dba7c93d3cf4806133d8fe211dce32aa12041fb82acc4591f464052714878fb8

SHA512
e1a4bb4afa8fa8c09e163ba9c0d264425378c8d50f212e2932a2b21cbb6983b566180657bb753681b960d02ca4dee73a5504d433c536e64da979cdf34aabb8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

Filesize
35KB

MD5
a729d45a65e2b9849159e08ef6fd5f12

SHA1
75a14f3e8ac5d4eca6ade8771c84f4f5328301d6

SHA256
11980ecd03e02439a6300eeff5dbf9a48bd52eebf14bbcc246752b0ce5baf223

SHA512
89460bcacbedba68cd7fe67e675c5dfd76e6c43d87ed13d03eebf4a66bc298c85f96605306eb879d4ed89bfe0e53699a11a09bba866226f767ab97203395a6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b9

Filesize
35KB

MD5
e243d03bb4bdfb80fc2b9c40863299c5

SHA1
7abeba96529b293239da5536d4260efa1e797ad9

SHA256
a8283e1b2cabd16be04a6cb0a292e532d5b74520123e09c2cd9deb9eccf2d1eb

SHA512
7bda56879f1873647edf1b3d18e468430fa9a03ac88e8ac5209e834de13b7c0fd195f684f7afde8e526b4993c1debcdf6373357b925b423afcc37d76ee5c0f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e9

Filesize
175KB

MD5
7107c752f3901d95bdc4e9d46ac2b6d8

SHA1
747a0d933dc2ef38a98fa11a44ba661ec6a5eae3

SHA256
c4a5ecaf090da5f8115afcf0d4b723810054ecf3de31acc5ea6d48f9eb2d4111

SHA512
71d4ff3fa6c9a902b299302109d034d4610ac8a31ace170f09a3f66bd0d1259c41361fc29f2205fec6eb49995ffc73563399a6ccc536b8412bf1064485caabd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec

Filesize
159KB

MD5
78450fe21afa3391dc4dc62d5f1e09f2

SHA1
8aed39e81b26f10dd32c5b131eb7493d6d41b06a

SHA256
4903f015531ad7a745aa8c5155780c51adba6e0f671607c3fa1447795f33b794

SHA512
46db3beebdbfc0ae2b4e6d8f015e0f122851cf57662d5f445e2c4cd4f7ca2097690a610247e08f789685411d75b018cc35bc0a679b4dcf9e68c9fa164f347256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ed

Filesize
165KB

MD5
34049e45a502035c1ee78f0b0967588e

SHA1
dd604c54963f4ae0cb4cc1c6890b66822a6d7b82

SHA256
a84c114bbb185448de945b27fca0b6ee207f4801505e3046f35db050f4720eaf

SHA512
07b046af74583dc5ccb2dd1a636042b36dd4ee50aa6e7a3871cc26bec7aee823dcb2ef8bae3f465a374b04ae92b8cfb90f41ad3a76a0d2db1b6ca764d8eb204c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ee

Filesize
142KB

MD5
d1e0216a2cc3db1dd95ad3230a39a0ca

SHA1
a629d848286dcdb6876631bdd3bfd7dc6e05422d

SHA256
b41f67ebf201d922b8668a628078e11dbece1fdf875d1df93495c3ba3cd31372

SHA512
50f8b14adf524175f2867c7e198c71f78a5b9a1c2447229a418c382519299820ea1f0dc77af121c58ea116e2cfb4163b62c961cdb7091fcc4e9691d6135f3883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ef

Filesize
43KB

MD5
820f40594a0e8d5f9d58546208aa9060

SHA1
e17ed5116a34c432013a244c979ac9da53829d74

SHA256
f8f708049e1e1609af3959cd21eaf313c8192d3e962887a7a2e1f9b353d3fc80

SHA512
95879b255a90ccdc41c8696bf7aa05796db56528fc4be78f2d13eb2233740ac8cf0f92bdeaa169ebc5c745f3e76ee9fc67d2626160b9e01c5f5a19b8cbea605f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f6

Filesize
672KB

MD5
3e89ae909c6a8d8c56396830471f3373

SHA1
2632f95a5be7e4c589402bf76e800a8151cd036b

SHA256
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

SHA512
e7dbe4e95d58f48a0c8e3ed1f489dcf8fbf39c3db27889813b43ee95454deca2816ac1e195e61a844cc9351e04f97afa271b37cab3fc522809ce2be85cc1b8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
49bc9486b002059b1b7680908033825a

SHA1
8f470963a004836cd5a962bf70774ce11213b2a5

SHA256
a301290a5e94f9895955b6f1437cf8d1854151283060e7fbe0ffc01fc5b5b89d

SHA512
736a95dfbb7438bc45bd5abfa50facb68de0175decda2fc5dd1da2ed7a778a3c77b194f32a4354f524ac756035b4f2a0249b400352f47bd6264d3208c9e14f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd7657a12a3edcbd553ad908718a9696

SHA1
e09d5d14dcf9a2c3025778730420465c422ec9f1

SHA256
7c1d98bbb36bbf16ae9bb2ba72e258759e495824005fac5cd35125105680ef6c

SHA512
81a2ebecee0d85a0305ff5e10b6c34c6b84f8eda09b8af8784a9e9b136860336b6a682c89415001e8b549a2a61896c7e1d7350d12cde322e7e8ca14e947ba62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1035e405f837f25e056892a66cd57dc2

SHA1
d6726777dcc5da8a8f498d9071568651a939e49d

SHA256
c51b9de33c687ba36c604c9482ead7fd7655a487ee35a4dd0bf12b3478bf8f81

SHA512
00441b318eb34eeb3340d7a4fe2c8a3904303649056e5b695e108a8e6d0c5539c3f1d14e9ccdae6b5c9ced78bcfb814695772c984804f1c096ce4cc3bb19dfec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d320c53a9e10f2baef00b604763c77bdb6a00bc\37c3cd6a-981a-464a-9ccf-8685e73ac081\index-dir\the-real-index

Filesize
768B

MD5
a9a6d604ce842faebc954b78bfe397f3

SHA1
bec987628dadd86f699003d59f23cd5636ccfd72

SHA256
7f128b7b643cf1ff42b176a952ec5bc7462581bd408cdf71ab84ca2d3ce68779

SHA512
783cf42ca65da41bf8167514325a70bf3fb1fe7f02b9de7ff45f047de35091b23027e6b961bc5594319e85a61d4f6b8cd06a22b2cd371f36651da5dd7243869a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d320c53a9e10f2baef00b604763c77bdb6a00bc\37c3cd6a-981a-464a-9ccf-8685e73ac081\index-dir\the-real-index~RFe585c73.TMP

Filesize
48B

MD5
e927e805f0bbc5adc7dd2594b8577632

SHA1
40d777a3c1c3bbdf37afdfc15e52bbd798fa27aa

SHA256
8a52c38914ee4888ce4af136af0e8a861829326406a03489ea6bc083f3977416

SHA512
818b3deeb6b6b228cf40712a101a99bff3270c2ab5c6d71c93bd6de8d64b4ec1ff79fe30a55ea72516fca3a95e6bbae7a3472e771d67a0f4980b9bd2b46fc1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d320c53a9e10f2baef00b604763c77bdb6a00bc\6fe8646c-9e3a-4af2-8168-53747bfe4d8e\index-dir\the-real-index

Filesize
21KB

MD5
deaabdc6d77c1d8e64256a4bc2ce5e18

SHA1
70bda84abdf7960763bd0a67d9529582070f25c9

SHA256
23da9ab7b7abf07142bec753d594226fce75dfd8995114ae2ae063478dbfbd54

SHA512
0765da44e1b1b6ed69e29bf9d29cc05eb672d91435741d8d21519a7d3db17756144115a34b139d21a315856fb2fe3897243766668adb362b7f1f9675bbc04965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d320c53a9e10f2baef00b604763c77bdb6a00bc\6fe8646c-9e3a-4af2-8168-53747bfe4d8e\index-dir\the-real-index~RFe5859d3.TMP

Filesize
48B

MD5
835961ca2876ff12d08b67f395e266a5

SHA1
bad529143cbac55cc621ddfdf70de1557b2cadb5

SHA256
76b8129cc97de42df1ed1d3eddcf397b095ebbcc118aa1bc38fe9806abe51216

SHA512
50fd195815fd1dd2361cfeb0c5ab2a71f5dd1bf555da590a7ce05adc2911427e28a0494a19be484ea168eb9740cab67fa8d0d44a18194c97642cfa2acfa97246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d320c53a9e10f2baef00b604763c77bdb6a00bc\index.txt

Filesize
184B

MD5
d9b0c922aa6ec218262667eb390592ca

SHA1
9427d04f2b6a6ff437c17779a430f8f010281d32

SHA256
61fadc1bda66147399b60a343f7e303fb90c3e9270b6fc2e75dc15e03ff27d1e

SHA512
8d3ed6d6358d738d378f3aac32e6570f39a115d591175407bcdc368c72cc9e764526fe3a4432d7c38f830ca46bb0a630704325718a153a448c5825596a1a7804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d320c53a9e10f2baef00b604763c77bdb6a00bc\index.txt

Filesize
180B

MD5
f374657559f555a1a2316ef4c8f17a0a

SHA1
5c6d5f88db7a40e8655e8b24c1272429205e021f

SHA256
7bbd55625bace44a09ad21edd0e7cbe9338ced8d528ae289742d37957af5b1f6

SHA512
496b85ce548350154fc4f09e249b4a6fbf6e32cd363cdd2107b6595afca53701afb7463a6b9278daff8f6012c7feba2b82c036bb33bc90fb444f1cb428238005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d320c53a9e10f2baef00b604763c77bdb6a00bc\index.txt~RFe580470.TMP

Filesize
113B

MD5
63176eb3a557a39f00b03c5ec07407c6

SHA1
ce605556dd7daa730b95c0873a9b470f5465c82e

SHA256
185d8fbf897318e8daf1c48870cff13e7c448c1b2192be18842512bfd3870ddf

SHA512
b297c3c67417bcbf7370fb6ea7cb0855e2f391ddb877daa8358329e2be2b0f9c95eb854c3fa1b6f481ec859ce37870c54e0a87e586b22f810a03dcc44506186c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
f917bf1223d9cd9ae001e5d97feff200

SHA1
b37f00d7c5cf66f6bcc972a29642246541d0dbab

SHA256
c9484b6565adab5c3577a8b3dab2341c6881dad8d633f43f4741b7e09c645466

SHA512
7ec0a1a0a58b5df85cee20caa93369e421ba46b51d7cde36e8cd7a76b5f7831883dea8433281b2d75d4f317cfe985f4e491aa695a8845f5a4bd6ac315a3dc850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fd3c.TMP

Filesize
48B

MD5
2da315f3ad1e8b5b8beaa455439623d7

SHA1
f6cd43493102b26953c2d7efa51ae0275982537d

SHA256
47fa8e1e2cf4f9ea1e99f7221c79192bfa41fe6bea66729b78e4b52934151582

SHA512
a223b72528ad4ae603597b269786a414565f1114929f6e49d4183c80a106ba895a98d7a405b4810a5c4156e46f25fec051503b3ce6bd6e7e0a8c331a2de50e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61b9de737e985f30d6d832c065c1d17a

SHA1
52a9c88f617bec228032efe7e359349ffad74d42

SHA256
b8212c280f5d50f493c94ca7a86762ff4bdd901e217e262d084cb56a6df1263e

SHA512
7969ab37f642d4b6fdcc2083a1947d98a4c10ffe1b7d240063eaf0da4969eb99c84c67294f63f79343970be4d861c6bf2cfc983d0434b15dc6c9bdb9021cb1ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
902363eada1b6ac6810adb64c28a62a4

SHA1
407b00531e7934e442348d7d6e850811ab4ef7ed

SHA256
e9a7b6705af921a2ee87cf91a240143b821521fa886c3abf601df7bc32e11273

SHA512
01571a5427d928c524d5c90bd97e9ede96e75627282c5bebf7061f75db8734fb8d2b704eb894e0c35b20bdea6d075d51c54f1f80e66b982708b5836d5f53ca25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1927f383ea8d7937fed9699e73909564

SHA1
34646a3b0399b1d92aadbc20441fac71a23537c6

SHA256
2960f475ee0ef34b61ecb8f168f4270ffcc918a69537409b98fb80c2e2671791

SHA512
9790ab937e2619e6e85c969d540e0b36b09b37ea5c2cc1a29065b976ab11b832addd640336fb87c8d2eddfd782d402cc358f095758873d062fb99e9a66220c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d76c2d0ebb4fd786d93a65c602190a5

SHA1
ff51e46a1bdaa1a7aade9162cf08327fad915191

SHA256
1c63eb730f96a759e12069a1ef7fa368658c9e61fc3166d6dae562cac14b10f7

SHA512
7188a810004b026d673ef2101e005593409122d46ebd46a472a8ec9da9e8607fe41e9028dfe730233582e666e2e9f19b40e7c141b6396a58acce697c3451f539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f25f.TMP

Filesize
1KB

MD5
401d601885c0da5af811e1f5a84c47bb

SHA1
ed9b4c7fa72590c02dfd6adf91d1d900a22fa2ba

SHA256
04b7730853fc072325e1f0f9454789090ee1f012c5b236aab73da856845e05ef

SHA512
9fb4964f560f517fb32e2efd4da44670b70be1c0ef594587ec4069aaf34e7bc351eaa72e6cb5fe17e7ac8ca31c6a7784b990a8ffdae9a15d88ad08c6bc7452ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a0f5523b-5d6b-4a6a-a6eb-fe9202d27758.tmp

Filesize
1KB

MD5
3ef3529bdaf59b0a28dffb4b61e5e80a

SHA1
d3b575936b3c0091f023088e4301266e32372028

SHA256
588fb6e6f6ea491df602e32090c90fa3116d237bbce10e813dee1a676f506059

SHA512
77aa3e3af1af22e4987f2ea99178adfd944ea9a1784bb48b28e100f8920d96da4a7bdde2a22f929b0e523e1af6c33074b3062cd112196a54dba26d07de89221f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d5a8e812-d314-4cf7-9a95-b348e0abe8ce.tmp

Filesize
6KB

MD5
b2e164389fad94f5429b19c3de1facfe

SHA1
afd168dd296873e116e9656d6189a1b5fc51b966

SHA256
34915d6340a186bb5c93a9ece541db5fc7cf11791d5b6b5892fdee316926460e

SHA512
7a95e1e2102c55bc1b7bb769902a80a23292cdab6254809b7025be69cfab80a3fcfd77f29c85b53b588e0dff44aba6c0a29873fd2b6770f9a9e08408fc891723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6afb060f56a9a8a6738c32fb94cc983d

SHA1
ea90e005487daa43fcf5633b199dbb9e88d34aec

SHA256
35c34855dfbfe13d9c288d512575f19e56ff5c72ad7f56b7cfb2b992f92183ea

SHA512
b113a8e3925ec064a588939a09aba3a00fe83637d9b6676079934ec94a1a654e84f0994798bcd414eae1c6833869c11e66b331bd5102cbb99f54e77943bc847e

Download Submit