hxxps://outlook[.]live[.]com/mail/

Analysis

max time kernel
720s
max time network
777s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2024 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://outlook.live.com/mail/

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4260	msedge.exe
4260	msedge.exe
3828	identity_helper.exe
3828	identity_helper.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 4824	4260	msedge.exe	83
PID 4260 wrote to memory of 4824	4260	msedge.exe	83
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 2800	4260	msedge.exe	84
PID 4260 wrote to memory of 4032	4260	msedge.exe	85
PID 4260 wrote to memory of 4032	4260	msedge.exe	85
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86
PID 4260 wrote to memory of 4144	4260	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://outlook.live.com/mail/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe56146f8,0x7fffe5614708,0x7fffe5614718
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2744 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8996442267655128431,14283086432153305759,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\70891f4f-d04d-4400-81f3-606dd081b5e0.tmp

Filesize
1KB

MD5
d16683ca26e9981a26c46012fa2d3600

SHA1
0ac9db87e60e6bb55d63ded60c8833e778b0745a

SHA256
6b6a3ef043d59da186d57941ce579e59b6a472ac16bead57c2f462056d8b5fea

SHA512
a0e54ba7416f34e8bb4480f6bd79781a461d9acb1903819c45bda4f4e7b090b7ec87184623810f58629dc81342777aa570b89fb5f579c53d505b812ad26e6ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
103KB

MD5
68b3385a6dffc8d64e019832acc918ed

SHA1
7d29dda429ced1040ee8959b5688387d4dd1b4e0

SHA256
17190922204c288b25c7db6b10eb4130b147c53171e442b25bc1f2d56bb74aec

SHA512
3c90deebed1c066b1629adda526ada2821ba66dc523910c71d84bac4d88bfb830965af355c132ba9d7aa84acb58bf602ed9b4c70f6e2f42a1b4cae203ae85426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
17KB

MD5
7916a894ebde7d29c2cc29b267f1299f

SHA1
78345ca08f9e2c3c2cc9b318950791b349211296

SHA256
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

SHA512
2180abe47fbf76e2e0608ab3a4659c1b7ab027004298d81960dc575cc2e912ecca8c131c6413ebbf46d2aaa90e392eb00e37aed7a79cdc0ac71ba78d828a84c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7e9de42ec6a182b38200aeba0406fb44

SHA1
ed48d936d57955a5574469b3fbdc863baa611051

SHA256
586068ad1ef173ac652ec8648f52fe9c0bafc29b8c9ff418a3a41c85e87e2335

SHA512
9f975a0cf812cda2e9f8d6008c4ac27625f147dca891e48822604685018c55911eee853b6759ed9a6c9392cfb869b22a6bcedb65bf3bfd13036f938e96e36dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e13fc1ec9de1f0d94d60136700d11bf9

SHA1
9d2f1301e7b350fd9827358bd880ecc1e7658756

SHA256
a99b83429e3346c08980f9a305cb33cd092576f07f3821f6e8108d64808bce4b

SHA512
b2346a3e5409a905f1965f1f33155c67737d98441bb896aa5b97cdfdb024d11141c7aa6dc8f3f78b9d1c27894a8f01e74e25efb8b4141e100a6ea81cf9d9b752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ff78b5923970992f4d4917feb9592f98

SHA1
e1cace05d1377cfd36b81ebd2b8330d2fd9db9a6

SHA256
05b83b74ee8beedf81f0bf0420c6cc01102c67505f9a4ed4830158275a206a42

SHA512
916b9e40262a609e0fedb23d9f26b9a2da6dd4af5cb50a55911aeabce0350321b0937c57278de1f68e5eddf83314f5bed0ff39d2166eae3f9307cdfbb3ea6257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
983ed9d756edf701753b32a8fb7ebe71

SHA1
a6773e5eb0f11e8d1620f33bcd08cdf65189f010

SHA256
2ec2b0ad91b62415d3df7aba215d6dc601b83f6067adc53580c71aaf87c820c8

SHA512
359d5842588874dff908c42bcb812f22621d9b535f441409d25fb3190bf93efe0a2c8bba4282c62d7ae6fed0cf46f9eddc549e0f4e0c8e484a287daec6409384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8cbbb8d46afde2d810edd0fbebf40978

SHA1
8dc1cfc85b53cdbe61a406a219f5106c0e477199

SHA256
13ed79006aa893e17a0e133650303f87d763b8e347c61fd744dc686512790816

SHA512
cd1439d26436f8e35896285211280c502b8344383ec2c15c6dd9040c6c0a67e8876fda4b01349b8eea8368905214bde1846ea6196741c5bcc77061246b03d46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6a5917a5f4970bc03e6ecc84ea451484

SHA1
14e5822126c5801da54c2c779cd027d43ccdb701

SHA256
996df23eb340bebcd8eed231b6d92a7cad45046de446f2c91066f181b2281bf7

SHA512
a33a34ab9ad360f364ea802b9e0f2e1c5af6e9752d0b1e37fdb30f55d16588f0c30d43454720e738f1637236e372693285be99fa59308e51a0df26fcfd35355a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fdd997d2227a9bc9bf821f7e844fd758

SHA1
1d5022e73532d66377b8bcef91b054f095480712

SHA256
6f0a5d5d9f18fee25457765e5a61b463d38828afd88e75f41f2fc8d673e01b17

SHA512
27c14c0f0da0739473cdf3744c4610e974fb8107a3635d9fa39ccd7b3ffb8a7c3a0cbd62c24d219a23b994472084c31a49228e5cee5b74542e99b586f1b2001b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
97e6e410676c450eec364b9ba0e128a0

SHA1
f23056f5ad23e2f591c77085826b69803db82a43

SHA256
67e4ac02e383acec834d01bf44553c692a74dac95b4d33c449483a3a9970508d

SHA512
372c73b55e491633bba898832cf7c79cb94031f3124da9ab15a5b73b047b49fead2430f381464a5ce0433f74f42d65e37bfdb9ebbb31db0bc5cb8aec89ae30a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
41ad53ef921838f25b266c6a2279148c

SHA1
5479f7f3a6ad15c920de1136f503b3d40fac2ba7

SHA256
b800899f65807838fdde7f31f31ea75c043f73d8c0e0946e780adc53fb2b08e2

SHA512
4f6832da63b03264b2f95f898b9ada839d1af18a6a1c6243238f0df2144f92fea2639d45b7ebb1864a556d8a9d3d6ef1d23af656aa35c1a3f5991a6936c91b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20ba948d1b4f6aafab514311fcacd6e6

SHA1
ae0b18e1073dfc66b70d7fa5de787be9fef23530

SHA256
0e1377cd48be6a9b03d88ce2a67bc2d08d52746dde993a0f59984ef3d18a2f07

SHA512
1a68857a6c88df4ecaf910512824521cb439fe5e357312bffe48079b4f5af0473a7c56fc3ecb567690900f3841b5f480b4e553d92ef9213414bb3c4ec82c32b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da15c5211f42c2efe82327efc4466e92

SHA1
d57e531bef5e3b2db7873e2af59b32364ff7658d

SHA256
053fa044db8588a6433aa86de95f0674ba3dbfbd0337dcb7ea5aa09e1f179e64

SHA512
e962f110fe1e2928c3c509ec37a99ae34e80d7525ac9fab3959ee171887113efae450f2aaa32101a886a213a1e110c50e8a023db0908f50645716d3daa443cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
95e25c03fe60ead6b115002fea2147e8

SHA1
a7b816e652fd7421c206a96d7d35a76299945306

SHA256
9df108cc9957961a2ae89d2d2a3ca0fe42dc91b74918071cb6b9976133c1d255

SHA512
bcda6090a363ede36fa9bf271eec0fb7887a5d58376dd421ce7e45dc93c4d14b7f46b80428488c619ab2345cb5900d9e88fb547afe536b6d4d67987ff579d9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
154de44f1da793fb21156f7638bdfc25

SHA1
534c34aae8ab7b84bfbed576dcda69dfaf30ab00

SHA256
c013a3f9b01a363b1dae23ffdde8a5035bed8c96a42e66bb5d5ba1d852bf1a7f

SHA512
e595652bb050fcd5fc4e16785a491265dd97211d8a11d53305b07698b6de36afec267496f36ae0a46d68fcaaec2a38be34aa6c11870147eec5c8124cd1931cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2b7d729c318ce8eddd40f1f7712673aa

SHA1
f568673b7b36873b6894d42974eed98dfe37ca54

SHA256
c3304d42bc1789c0ebeeacb08239e9771b4d12d6ad5e910ca893a7acf4b765c5

SHA512
9d6fa33efb535d44bf051b02854e9bcd958d04e52d52b5806291dcc80ee5aea900ea11ffe529abc574d1f4ac38db54db6833c8ee74c9da58ab9405d321a3c9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb5a2f6901a11fdf7faa2b467538591e

SHA1
dd3890e90098e802dac581487cd5fc692b4e5049

SHA256
18e5f11cd64c9ca0f7b8759039aa093cb76cdd9aae74d1693273e9e43abc572d

SHA512
1fa694cc43dcabda7af9625c324df60fe8f33d3cfdd6077684838c0fee4958c88fb6f9440edef051b4c8407d24900a160fda7d6af3814f71fb4b9b548fda7823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cbef47397f409c2088e6739abd41113c

SHA1
856cbc7f3287e1bfee81b0c3757f0bbbfef743a3

SHA256
0ceaae0118519f415e24c2d29114f41011c168bb495fc65ee272f51b202ee301

SHA512
3dfe9ad8ca2eb10b544acd75be1e81f5f46de487238b0a1d9155e25929d41f51c469a3d5849c3c4bc9f420f0fd5a13ff17a8496954933bdba9a19589579bdebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e89262374a8ecbe7b75513ed06aca603

SHA1
a42c77f9e7fd17347b6f7903f65427edabc25632

SHA256
babce9704f333d5eab497e603f5dc3840ae943ef4091394de67d50f0162ff369

SHA512
b025850876de13ed60aae8742e38585c93085c95aa4f0b65b26e20b764d309e2718dabd28306d761bce8e74c8992126f7e49adfb6ec2429bf44ee7de33b3cdbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c27f0d6eeba4c648716d07b8e68f3d0f

SHA1
4ab97104f91c0cd38193a26ba691ab57b2b0b4ef

SHA256
284eeb0bbb9c1868caa0cc3dcbc0f02a0c3b9df00b61fcc6b9ef0bb0aa6ae53f

SHA512
3f3ce2d58039377b35f4c3e62025702ff9cbac891e574291db83a14317571dc8c137fa1049153a8819d8a37b6876622c491958a4239d706c37c7728e61313b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
128f1569c2381ff09e35fffc31190129

SHA1
d2f6d0b7d842c8513c348f7002d93a43c0c4f798

SHA256
f7b9d86743ecdcc923beeebe1f9393b4056dea655553fb8c9d2891170279b358

SHA512
689c095c7bdcd65495215f49b9edb4214616e07bca3d2d4be5f85f0a5f71a9ce1b258ff9c4603440fb66fc24a254255070ad3cc8db0da9ac1fe465fda56abc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b69b5dea4debc5b84db26edd3297f1e1

SHA1
d6ae326595327907747026795ab7710a087ccd2b

SHA256
543f3a941ad204115db1c8b26f714e682f55224634a6be1bad146fa1fe6599e1

SHA512
c6866ebf841192067f5c5ad843e7bc1fe782a1946752be0605e0d82cc475fa4018ec7a389b5294dd01adfc707533be0bcd226df95ed5c59dd9e60a04460da3fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ea0a088a1cff851a58f0032a40e12357

SHA1
873334f2056e2b2a37a4fef0345cb1aa7f273f20

SHA256
087045ab553f58c7cd32bcf73c6fcf6e1711a8ec780d4669901abac491b06920

SHA512
218644751be5a8e9faf966cde4b3e3599f4196d93d9280663d3e5e735040227600743a4d9c494389cc11e3acd563cd632d4c94a9e1eb094a5c3c7d66f3d39a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
befdaad364d795865bb188903812201b

SHA1
7431ac147f382591d4afda97363e8651adc33c0f

SHA256
e357d53872e9a6e24a107898887e6e7417ce9f708a21bca03a57a315a57e084d

SHA512
0b56bf1ad8e8a3e3ecb6187e80f8a921f3719f95e1bd2d271cd0f18f9c8567505cce5eb03c2742cd6839121d2b32d09abcf26e11d5d73ece68180c4e19684a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0bc52bdaf4dff5894a29019204eea4a3

SHA1
16d152fec1df9d75e08bd846e17acba5b889e0f9

SHA256
a61c5c79a5343d91373e835c378d6095a47f20555f4ea6c6322f0a9e206ffb1e

SHA512
6f81a3b1a30f749ad551ee056c1fc8d96bda3dcbc9f1ddba110c2ba92b01debf9a90091f0d1e318aa9f75c4d16a6e456390d4bea300faf6e274885d28264b7f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d41411fa0b81281a3be849373f60a9b

SHA1
66b80458a8062fe52b8f453f4e443460fb4b7a09

SHA256
0974c4c8b24df608dc0fd77b1c5219daf40f7c40c013e56b6fd796e4cde756d8

SHA512
d318ba3c1f4cba46efb07e9245840c8705f953efbac37813e7e89750eaec4b22eefd06933c183d437087199ff64365f6e62d9606048e8d9965b0c11ab81b619d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
27924028b468e1a1708ecb6a7c9bff7a

SHA1
09a1bfc9cced73e6dd02714b44818446c30e8244

SHA256
13f7234795b8c557fe7c9157d846e79c08c8b59f66140e569daf38bdb51338c4

SHA512
eba998202da1ba870f2b16c9e36d8781be7dc7d76c2de3df476694a8d9ffd36b9b6bd50425a69b67b700a09734ce78ad952f9bfb56c3f567247980ff6623a863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2442053307a715c9a04110295c28479b

SHA1
00fec356546deb5d380b05e2e2c1829ceb47461c

SHA256
1de1d1b8e3b99fc16aee52232cec85b3a798b947b3ece93eef862524b9919cab

SHA512
f1eb8034a7eb44a0a9498ee13d92cc7cc57f28c21ff728ce625eac99d37fb74f3e251440314f37404a4bb7db07df4c94a8f573220bee598f2d8143f17edb9d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2abce3414ee490964242e50f7e2ae59

SHA1
42f3895bd54b85ac4abf95eafcced4dcc5a58cc0

SHA256
3184c673a658677f3c0b604d4c58f6bc3a78f5bbc00c702db05a2bdb8cc47e38

SHA512
916387c2a40adf44a9ce6220818a6216f9f4a91c7d2aa595c05d746cb163d2959f6109b6adf26a42aa231e8b8c0ea5060c8294b3eb4c989e76b920f888439fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
937cd7eea86d4d9557f90b69943f981d

SHA1
e71e53306249edecc7349dbb88a00491b8b28576

SHA256
a53f1225bec0582e5f5f57a68cd413b9df9f62db0d1fd68f1165c5f61f195c18

SHA512
724164b1d2b1b01354feeaa430f3c8ba29a58fb4474bdcb3c29a2083986e5f884dd99b210b73cf00c7d4e2b25043af0b34fa5b27b8be08b5dcec81d4926631cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bf994c5586e8a0b46e003bcc20d0dde8

SHA1
a2ac24800898ce7210bf9861cbc4908470a7ac02

SHA256
a8bb7e80bc117ef72b76c647e83d8fe8e306686f9141b254763ff578971a42bc

SHA512
c2b81b257c124c381ab7fd43dc70587c4565389b7a9ba382975e2804f56e09fd1cabb55690910915d670d79d5e844992f6cbf68ba5fe9f0f3f68ddeb26aae284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586e74.TMP

Filesize
1KB

MD5
1c813032701adf1700e287be2b7c36b7

SHA1
b5effef33446175ffae37493296dcb8ff8eecb22

SHA256
65feb1e1e2e84ebb6634e5f82a910084b0d234293227881261f004cdc8dd5191

SHA512
10c032ad68fbc80b9696c4e7a73b6b6cb53c040c1a4c3a68c024f0107925f3db1e7b4842f7f1adf151812eb3989b6397ed3d2785371fadd07ef34eab76e647b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
172ca0d20aa323c82c91338e7bd361fd

SHA1
291b063c05ffae09c766d200b0761e39ce82435e

SHA256
dca23066fb3306c2e4c72e1974cf764b777b4df8df60d2a19d2d614f0b4c2b59

SHA512
a415d2f3fdd582dd635ad2a4dc8fd6ce10d536526106f798c8e57ad3e2361b174aabff347c956b8011a47da80dcdee60ddf463467bee487226d59415e63b302d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit