hxxp://supplytic[.]ca/chuu/wpia/posha/sf_rand_string_mixed(24)/aeberhard@matrix-solutions[.]com

Analysis

max time kernel
840s
max time network
890s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-12-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://supplytic.ca/chuu/wpia/posha/sf_rand_string_mixed(24)/[email protected]

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: Desktop-solutions-tab2-img1@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab2-img2@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab2-img3@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab2-img5@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab4-img1@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab4-img2@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab4-img3@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab4-img4@2x
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
3088	msedge.exe
3088	msedge.exe
692	msedge.exe
692	msedge.exe
2460	identity_helper.exe
2460	identity_helper.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 3412	3088	msedge.exe	79
PID 3088 wrote to memory of 3412	3088	msedge.exe	79
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 3316	3088	msedge.exe	80
PID 3088 wrote to memory of 2200	3088	msedge.exe	81
PID 3088 wrote to memory of 2200	3088	msedge.exe	81
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82
PID 3088 wrote to memory of 932	3088	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://supplytic.ca/chuu/wpia/posha/sf_rand_string_mixed(24)/[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc06ee3cb8,0x7ffc06ee3cc8,0x7ffc06ee3cd8
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9498594783420333861,1949224767591077857,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
f1d2b2a6821d6101f3d6a12c1095cb49

SHA1
c6d59fae2b8b22bdfc3fb43e17ffc01f35d28e64

SHA256
38898d9f141f9f0b162b799cd3a33315887ac76bf472bbf149c144c7eb198c83

SHA512
afccbeb690c42f3b8d0de637eda7b06df2f56cf2ece1bfd9ae02a34365831f83e33e276434a79f4be2e161f88c3e77abc6de025ddb87f6d58465d580b157cf7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
31a2b3fd39ee1cfab4c5b51c459a77ab

SHA1
54524e57b344a2e0f8c448f5ac97f2f2fcb6dd49

SHA256
4a9928d1e8f1a73784ac3a6de0d913644705469bebe4cd4ee525ecda0bc30360

SHA512
e1b3344599970f56ed3bf3467aef35096a000bf72e599d70e48a773f856f8f574998e56d22d912452436458ecdae66d6be3852dba477c7f6fe7b3bfdf895100f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2c5d65485701269d7060449e186336d2

SHA1
ca7633f0f09044de887b58f6bfd994900efae2f4

SHA256
b4e0fcf3a54c5d84c047922f0dee6be2d8c03b4d145683fac60a1d41af79492d

SHA512
cb38575a0fb6546ae74cf1bd072a2d96fd461bd594d4fa4129a706ff789dbb63643398257579222d160f0823914a5e0aace10ab14770152054dec6fa469018f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
977B

MD5
9851c486e3bf24e6c1ac090913cb28f8

SHA1
b17faedc76cd7f4f4ba48eb18ecf9d27c25d95ea

SHA256
b9f1c44ccf1aa3167e0c2ec416c390611d43e06dbbce0ce72b5d29ffc7c8313b

SHA512
95a48ba71f6e7ba8b2f4f4ace5405c9344cf51ddaa82559199180a229fe80d2cee2375b9152af53e8de8080d5e9928cf53999dfd1a325bb8f0232c7be126ec7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
838c76fc81c9a1c3cb3680f09c91db51

SHA1
334df1c9d62408ee0944d7c10e4cd41481bce53c

SHA256
e375d58628312ea5861ba6931fd9132b40b94d921dc378332cf9aa172fc28181

SHA512
e90ebd75c0bc47b0211225e49296cfca41681818037a08c9b421cb2f6e714f85647a304790259e39099a08d2c8cee27c625d1b4a385174b6412184added9260a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3de0a98227fd8bc55855df86aa43375b

SHA1
83a88b300ab15f8173ff5661264f1444fee1965d

SHA256
e0ac2e9959f11236ee069af812aacb315e42a0988b2d04bd0e238d14dd380487

SHA512
71e6ab0395b98f5dcf0cafcd1c9e6b8ed15187740b0136052d3056fda557e357f9d6da73d30582913e51aaba75a74baebd78358c7d69d72fbac04ebce994b168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
33dcf1d4b9cf06ae68d28b02938ba201

SHA1
62e73efe908ee28ec885e92f3256fd96615221d0

SHA256
5a824732d90bc0ad9ce44b9af20d5752c2e41c9680fcb7e47d6d3e739bf7a492

SHA512
b70e5610d384af1a374b78c458e54690e906c29efc056c9bcf21e7d14127a2db458bbbcc1050cb679f408b214cc12968887c7f287ea6fea0d24df5ae1a441dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0a738a4e6ffa31637eaae288e063c34

SHA1
a0c8ebbf96d35b2828b9ad3687ca5c0845f7c4e2

SHA256
a2977a0f63a6bc1a5863958a3df1839df65e18e4339e04dc1ec2e93b05ad1a22

SHA512
5a2a1245c5bab4ffce5220e6cc8f383dfcab8d865907a46b9695e90f02fa9e6c4ac39d06a678567dd3078313db44a63fee0b3d0c0a168cfbff8266df2e374d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0802dfb1848b6cec27c12868573c44c1

SHA1
af5ff226317c2a12e350b63c30949543ea7dd1d4

SHA256
d3675c3556d62db1089aa63d19a752ff248fe15f647907837644b0e0a3ca9b95

SHA512
ef27edf8e1c28558df7932e67abfa62cb9bc6085f9020c351e482177fd264efddbcdc415103e8b66250d2e80bda13acaea6119c505038e709eeb05c7c3ae442b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
79734e63accceb053772afeb5f1964ae

SHA1
896fe425c72a3ba2a89dd410986558b1fbc54426

SHA256
6f3d7c0dfaec9aef60d2b077195eb5a82143da42b5643f36fec869bff741a9a0

SHA512
39e9f3c1eb7f1e06327c1f7df4c223860377ebe5b9ef0e87e6c903b313fdd8c998ab4d160564bc58b441e792082175611422f9256cee7e8d9d0724dd462e6038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
764d77c491e053439f9a87e32e87ffe1

SHA1
8991a8ec3631716d02bb6fc081b507f6b9d4ee52

SHA256
258df65990f7b940540ba02ca2eca9519d797185b30f1a7a537eb2a212f08ea8

SHA512
cc6b9cd3879ad9eb4a4633ec609edd439e9f672dab4b73fab67307a0a8e0b52f378a508e8bf2810aa0b0801e738e88c47e0d70952597172c40fa1d14076bebdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5923ca.TMP

Filesize
204B

MD5
b2883a7e618a09e5085a20912c3c2d3e

SHA1
6b2dc1f419bee4b8d66d77c80cbd7d5cb57465a3

SHA256
fb5b09719e9565eed83aa801f153fab005a84d251481321841ff6f7dd060f551

SHA512
0ff4287d2701aae6545850c457ba6acaffff7cd2db35cbb9ca4340d0d4d4f68210e102733b4e8d9de1b84d93b42692622177994175d272de4d23137a14c2e730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d2b64da7532d45b276dc5c242383c005

SHA1
dadaed34c394488d931c1c6c1a092a46039309e4

SHA256
e082f15fa00ea3cd6e9d309d63f6a5751938b1556312651a715439ab8bdfd555

SHA512
f39b32405b78b8728e3612a1d7234e6dc2c1e9f5981e61ddcb83c7c467cb46e0224d86057deac563569f6f9b6fd53165d6956996cd46a581ed7fb210bb6211fa

Download Submit