hxxps://landoltit-my[.]sharepoint[.]com/[:]u[:]/g/personal/fredi_landolt-it_ch/EWsXGxqvVGxAtOpmLv7b_5YBEPi4ACpG4KOYyhlTpypq2w?e=DjclYV

Resubmissions

17/12/2024, 12:39

241217-pvywpszqdq 5

17/12/2024, 12:32

241217-pqrltszpen 5

Analysis

max time kernel
165s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/12/2024, 12:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://landoltit-my.sharepoint.com/:u:/g/personal/fredi_landolt-it_ch/EWsXGxqvVGxAtOpmLv7b_5YBEPi4ACpG4KOYyhlTpypq2w?e=DjclYV

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
4572	msedge.exe
4572	msedge.exe
712	identity_helper.exe
712	identity_helper.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 1660	4572	msedge.exe	82
PID 4572 wrote to memory of 1660	4572	msedge.exe	82
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2944	4572	msedge.exe	83
PID 4572 wrote to memory of 2556	4572	msedge.exe	84
PID 4572 wrote to memory of 2556	4572	msedge.exe	84
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85
PID 4572 wrote to memory of 4480	4572	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://landoltit-my.sharepoint.com/:u:/g/personal/fredi_landolt-it_ch/EWsXGxqvVGxAtOpmLv7b_5YBEPi4ACpG4KOYyhlTpypq2w?e=DjclYV
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb78b346f8,0x7ffb78b34708,0x7ffb78b34718
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15916318668406558452,10438325311951976847,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c11c7bcf88d52d0f095f21dcc74ef7a5

SHA1
fa18488a0138dcf1e921528daf2c58503cafa8eb

SHA256
2a956aa7ee60945b4b3a649046c4a8126091d423c4062d1f08c6a777de57143f

SHA512
026d077dee1355f0f3f37ca3142be4dcb50589e662416e21911453f98a2f5d659075ab14c9d5e1d9235ffcefd83e4d07625b385df19230c67b70fe56ff9bcdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7f6185822139e92f10e2618c37a3ea25

SHA1
b35aaf7324c1963edfe5f897fb0c509262c8c614

SHA256
616c54c359bcc6e9c0a41cf60a4e3f7560faac20069af8e794d029f301c4f2aa

SHA512
3f74a834057c079cf8e3e256ffe6e2c1827f9c5a5a0ab75fe87af34eef9941c247c6b7725fa31a883ea0e9b7dec41f91346771d1ffa4a2184351e6abae6cbb67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a90b3757cf6ae544d8d9345ad65b7602

SHA1
0ff18b0d121d493eeee2c73a9f7fcc48f3720ef7

SHA256
34f03cd854a92e859c0dd525f47588eb09972eeffaa79a5eda2a115a1ce34202

SHA512
425cb2feb0ae0018d8682ae9a40ac80f6d50031028b2c599af508b333c9b40cafed1369791da20b58b32d7edbf3a430f016902df9cde1cfc014f8c23fe556bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
357b308e3abe666b5383171d8d1b23cf

SHA1
fe97e1cf195d505439e09a106eb0a86279a14d13

SHA256
17c200854313d9a5624dbd64ca5bf1fb63ee1dde4e052b160cebbb03300beaac

SHA512
4d9e16bc1dd1a9c8d8804a8b72e328a858036fba86e3edf95e8760ab8be3dcead9ec669f87ae9ccff1359243d2b316406e18b71e82289ebc0ff29bcd03210928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5640c67b3744e7d0c2d81d2668225a7e

SHA1
80e42e476c7c4aeb6a5534889508a211636111d7

SHA256
8b907eefd16e20d6f5ac744b68a5ffff76f090e3c3d51cf467db54debb012e5e

SHA512
c62cd905c7700f6b10aea3a8acfe502c4a4e6c7129dbb77ab0681bd7ded3ef4e30d5178e742f268ed34323ef2597cbdb0968b2a21e758524a994592f2ad9f459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77c591dec70c5a7f6be6869b3de34865

SHA1
9263c4b7951c082404caacab19417c382293879d

SHA256
c35ca4de07d840a5961e6fb1af76cacdc9f775e3a98734fe72d6830db305f62f

SHA512
8c8bca4c84ddcf6d6efab590793de2ae773aec148103ac79de8aaaea46742eb900742a60ed328c23956d8ba54b4f50e3b16be4df0505077a9cb81c9a1f3d674f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c1d8c4df230831e1f328b78a25a213a

SHA1
186aa4a30294690dad5d85071ed5f52436d3715a

SHA256
c5e0bd02f97446ce985fcce4b66e98369e3f4e806af01b9791351616fa921592

SHA512
b8796c97d32bee8e18101220b8d76df838eac3d3474feff2b6592bee535c17aa60c7f0ef646ea834bb31cc8115f718e45dafb7b8a24728d527488665284b4dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8034ae18df280df39b0b90d2e9d0d2a1

SHA1
468e13714cbf42a6475f363cacfaa1ad1684e558

SHA256
aa4d798ceaba5af281509b54f46e6e14e180ac1984cb1dae73c00ab63c3de93b

SHA512
e7177aa1ea15a561923f51ed05fb54178d4b614511833ff759cbb21d573f95b3d2bd4b0a8dbd563081ea0ccf88f9b68333b249095a1adefd48386042ac29d921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4a1cb8e744e083aa8da10981060cc1e5

SHA1
7540dd6d673f83de8d2204ba370aa75e23d63168

SHA256
a6a2b5032ac48378df934c7da6214d44e2a5706c047c7a98b995360bb34decbf

SHA512
0ae2abb8f38e71d5621ad08af0ab9760733974e55b13d22387c1721651e6a8269011cebe7ba808ffcd36adf89a4010d9cee80c76c4d9c443b22e8b8646c989e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
41e95a6b5cbc087d1808d1fb6e8479c1

SHA1
474933a41d26beaee877dba7ebd44debe756634f

SHA256
9e8e6d6113d06ac4deae27637e7b78b36df6e8e8645ecf29dcc72c9712294dfb

SHA512
2293021bb1bd6802d1670b4b7bcc5c9fc87c56493f970d2850a307b49d1b7fbdb41a297ac7aa9db71f0ef618c9c483e9a16c925d7183f1d74558c6d8a0f016ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
30f5571443287032690e7a6534079438

SHA1
152e2f292d1fb9965321e996fa0d97ce4db5dd15

SHA256
0a812c59d0d276d429cd4d1d6e455ff0313fb7f2aec91b0362f3e7af7c7cf35d

SHA512
da86e2510e690b5135c97585e2d6a3378b88c2a5a5c6e10fceb564ea0a329d3c38352a8a8bad0db8a23d964860ffcba4d4006743dceb8965c1c1986113e1d34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c966b10b05fbd947dfe22ae791762184

SHA1
98c206575a5e787b0bdd3de853460f8f3c7c49ad

SHA256
0d5368d4ce9fd8dfcae9d237920ff0ad0d631437318d2301f3ab6a5e3f45831f

SHA512
04f1d94aaeb6d65d5b713626e6fa039c0a2673702a88e0f524e0ef934fdb28cea8d064572358b8ae8649ce071600e4973ae3b8106e7e5637b718f1433dd53549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
481747d4ffbaf0d4ccd478f1cc2360a1

SHA1
10e5fc07d99db487ca9318d2f3c8c008cffb8081

SHA256
91bfc2f7090d2173c19b0662b2dc072f0d91a63ba8ab7aae266bcf262dd15939

SHA512
0082eeba7a460de7813823d8514c992a3bf346e0e773caab4f875debd2bfa6598a14f0db73ec4057183c4c6a6293e3e9342a0cec7200dceef0f987d896ff689f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c839f2825a7bf77b7a1674f604673ed4

SHA1
65b231e99b984bb31466d82ce60e6180849bddce

SHA256
580fd0e2eda6e53bb4c6317e853cd173deb2912a29e75a7541a46cac53b00b0e

SHA512
6171140aa7fcac31bf6ddf9bde615b52a4bfc80568ba0f330967292a02f9f09c43f2745a6c71c339de6a296f3d71a337b3b5a9dd9205aadb87e2e0060c6d1b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1001eed864cb79211fa650d46117968d

SHA1
67387166bdacc5007a9108ca6631435e707b8dc8

SHA256
9487b282ae73f38128b32a33f713505eab44e1d8cb4612a8a106a609e0d5c018

SHA512
2c317768e559c89ff410b7eac7a5c31c2620a9447e8bbc97ae64adb9446c75ac4b9bccd2c1739d93801aace5c747699eb65b28a51be661eb502144313685da00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e8e6c1105607b5a681942a65e7acc479

SHA1
08f11c422c9bace76ccce052cbe6d8ee6afa449f

SHA256
367d5382f7bd02712e1c4958d1d42f580395a61e78bf482ed2f57ffb2d6f0467

SHA512
f0f99da6932888778b1d6e42594daa00e7bc6ae9978e061a4cd3498cf6c2cc9f661422476851066205631eb4acfe50e7521ca0c23fb238c116023a194c6998ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de1b.TMP

Filesize
2KB

MD5
f2fa9b822c16e7334ea32d6bc5fff5e6

SHA1
5d48eeb5d0efe363c8469c3b57d2a1826ae6e8f8

SHA256
18a266edd4eb6554a07a0be0db62c58df47b9fa4f91862c15467a936860397b2

SHA512
d1832b4be10b56cc3f6af398cbd8afa62607314189bc75fe9a016fd95a701904f86872735513cdf407495d52f25683b0d171cd33a4f4c89e0f3ff8600651af73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d08f73aa3b165cf4b62baa67f43ab986

SHA1
8febfb4c53067d7672411ef8bae8b969f592da59

SHA256
bfabf49025f507b87d5976c1fc54c967c1cbb535f176a176ed6b39e64bd2b594

SHA512
bdeeff35762560372b3cadb6e605704efdb752572ab15905d697f6acb05d491ec7c9e4a6631212fb65ee635a059072d8668a912ef965838acf0203767728dd04

Download Submit