hxxps://issuu[.]com/onlineviva365/docs/20250106800351201?fr=xKAE9_zU1NQ

Resubmissions

09-01-2025 15:44

250109-s6ztxstlfs 6

09-01-2025 15:27

250109-sv499svqbn 7

Analysis

max time kernel
1049s
max time network
1034s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2025 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://issuu.com/onlineviva365/docs/20250106800351201?fr=xKAE9_zU1NQ

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Legitimate website abused for phishing 1 TTPs 3 IoCs

phishing

Phishing

T1566

flow	ioc
182	qrco.de
183	qrco.de
184	qrco.de

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
2896	msedge.exe
2896	msedge.exe
2400	identity_helper.exe
2400	identity_helper.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2116	2896	msedge.exe	84
PID 2896 wrote to memory of 2116	2896	msedge.exe	84
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 2108	2896	msedge.exe	85
PID 2896 wrote to memory of 4812	2896	msedge.exe	86
PID 2896 wrote to memory of 4812	2896	msedge.exe	86
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87
PID 2896 wrote to memory of 2184	2896	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://issuu.com/onlineviva365/docs/20250106800351201?fr=xKAE9_zU1NQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb773746f8,0x7ffb77374708,0x7ffb77374718
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4104365695044147467,4085485642177705819,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
6c8148d322e34c2182e3771b51d9fcd9

SHA1
a9d09b33d7b0897e31c2b258147a94d6597993c3

SHA256
545c490a3f60af468978efcab55f13d67c46b7d3ea90cccaaab22d2aa774c167

SHA512
6aa37f76e9a7bd0c0b992d64ec34ed5687f1f37f34fef48454a8ae5797637a58688fa8408a77e4ca782b2ff0a6b63ab527492a72c139164cfa4200b6620dfa77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
a1eec8bc05a064e3c6f3711b9a72759b

SHA1
600edca7d439ad3c7cf736b8f744e844773eeed2

SHA256
1771b7f3dae6a446b8db0cbe1bafbb286e453f00fb3ea8c384bbf251c24c2272

SHA512
e4b6cc637cc60dee05816d49c941c6cd970377ef778c404df9030aca1b39942e715ee1a0b8d9d7c17828385f456bcfe0e6e4e4b8da38453597502ac95d665612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
44bf575e03e97333ed363d15ec55bcf3

SHA1
8bf1c630b2d3b65d6043303a9184392fcb7df39f

SHA256
fc15f9a2b4f277b60a1e43a776b2629b0f6473f4b8ae3d03ff9d9dc86a81a45f

SHA512
11524df3d9a4f2540db5cd771622e5c5ec680f610e37f13538df8ac05e2a677cd88dcd11d01f9d41b8f52d66164362cc26382ac7d6199f2723a17db79827a325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
316fdbacfb67dc14340cecf7f1a30fdb

SHA1
0073d9fdf7f136a465f34268c2207949883e8b4d

SHA256
654a42393c178894c8ad126600994ae44f8a5648697490ddfb710d57a381671c

SHA512
76fc5684cb6491d8bcf9307a7aedbe5bc52a24215583cc7ab1da6789172ec1267a7c89d6c6c9367c33e94e23b1b45e12aa5865be2f5501a29257bae0b92bce97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
718167d182b03e19debbfeb79a7de090

SHA1
b84a06369b79e531b6c20ad45db9b4438ee8d9f0

SHA256
b1c6f017ae3ab34753d717bc229c90a7832b37fb00742717fd3ba90f0ef78cc4

SHA512
5ed682156d7746c19077daa27bb2dd43f4b9c349eea424a0703c25b1404c7b9f5b1132fa721ce6c7012bd89016eb3d7a01421a61fc89d5c89cbb44e262c136df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a9576bf6b4da13aade7e0cad0c0b7c4a

SHA1
1546d1481d8d653cdcd8e147c2c52f472ab6a73f

SHA256
62d029ed46529d3cd70231c9fd027579d1942d91f16d84913bf3f5ab387bd2f4

SHA512
208835bc5492e93511f50ca09dc961cf7dc45a8927fb4f5b73e18c28449f6ab7573c024533b79e5a28566460bb2453e55ff5d822d7b39c61a537276ade800290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7c0d50d971bfa82eb2e8b8808eff5b70

SHA1
e09e874e3b72a94fa4304cb5904ba35095489a70

SHA256
852c6d52371aeaca8f31a8ce9b3f0bb6755f6ea0466858085de2293ee1659242

SHA512
6bc140efd6e383552fdac2f5b6aab69a6f9548c25e1db942d14561965f967736f62350e35bc814f1706742ad8d7af989e8c543f0f93745231411c2498af6435e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f251152e74f741a011994ff3a6f118a8

SHA1
28003b223d9bf561a0a15e553ae5472cedab1f0e

SHA256
40a27db995f0c5c719fd214d68c7cee44b243e495a109d62c8a2cb712844eecf

SHA512
b65936083d9710a2c5087d8d24321daa188b8689bedaf630e04b926514f88a2a87ea806dcb4ebe8ff14c21f7ff751e2cac89d01dbe4ed73da5b247a18fa6a69c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ad99a04f6c1c5a849f7836738a577a69

SHA1
b91a7cdc9705c437f6d29f2fcda4484033762eb4

SHA256
6b1a6806ebcba5a0078f8d7bbc09f5013cc11f378f17ffbb21053f3093280f97

SHA512
ec5ff8df4452341a687d2a4e86acb9cb90b962e0eadddebc2501d5cb3223076889dd2ae155e43d595624558f72ab9841562ce5eef2844328072b25a09a7cbf91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7311123b7beb674690194bea5aed22d5

SHA1
be37f515b2a16684c58ce0f5fabb515b13fa702a

SHA256
9423acccfc45b79bb5bb7f3f844ee3d948c6565cc1045c2fd4d93f7214d499ff

SHA512
7ada9d03b9c156a73298778f0cf99e772f04514a396247bf40c332a6a7b4c19335b37fe780a04092d362b8f98c1b9d6a7b5d95ea271ef68c6e16bbbc94380555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7a74fc27257f2545c7be24a32f3b7dc

SHA1
57433b2b69000d8d7e5517630d7b2e205a03f3d8

SHA256
85d0e397050c5d791390acb35712c509542dd14900bf1e36749a584a2b200785

SHA512
530717dd7fa67ec87c89fec8e31146fca6f5479fcd0047b3394ffbc34e4ed0f06081194e7f54fbd41b5ff0be7081c1fb69fa294cce96d6e5425f760856503e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
97db55d18b7178da4dfd22144cd7c032

SHA1
d5d2eed0c21ab12b96ef160b448df29c2c4b9992

SHA256
9bc7408a492944b2c7df4b74b4bd0ba0fd6800a72abb78c26d40cb192b7c89cd

SHA512
53992f0617264817ce3514d3fc7c7cd742a946220e4a65f13fe26e361002effce1dcf5e9b82b8859f35b5d7ebf6459b8ead4e9f956bf6012d66ffdddf39bd98e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580395.TMP

Filesize
48B

MD5
4787ab0448c3327af9f7287adc0bc8eb

SHA1
c450c6cb9653b04e3409e1fbaa5ed7b0fddff33a

SHA256
2f22b2b78dd35cbaa647594853257ddeafd59bde0fe55be4b24ef6169e71bb57

SHA512
8d0fd1ab77d4753bfd0c08da5ffc785038e908a38c132a8c1b682a6ba7cf0a000116c92adada50422f5ebb2945fd21ffc7d48abf1e49e462f80e3f8e2f933eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a1cc323d32c631e127759f9825618f7f

SHA1
b5b53b6465a375e2b0d9f42665faba1516b3d2ff

SHA256
6d34033e6da4264af824b132e1d9f339873e886fe11c04f48c2c2bc73ba858e6

SHA512
8d4d6d556b919bb1746f65c038b999587fb6d7585e702ef630ec74fcd290cfb613ec9b51b1e1d74332e598a53465eed96124ffbfda8c8324dc30298f015a96c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
68e92e267fa6c786c96f385b97e9b387

SHA1
c057aca0b85e7069812cb545055446988aa4683d

SHA256
2faf9feb27c0bbfd9f68607e55f7daf1bb5bf4e67b9e26f2ab6f00e4a5fceebb

SHA512
7c2035145c660acf3c2257b44a201f0256a6d05d3fbe3cfa97d0f89c3ca340bf3ab9353a21c279b977e66e58eca21f61ae7a5a7c580868b5c25519c5dee01459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
897cf42c17275e4adaf754803635b9f1

SHA1
e8b335dec7f6f55b68ff2d9f9a709a9a424c5678

SHA256
dcb2c5c42b386ec416808f9108f2cd72d03f78216cd9e436d169a34db9e4d320

SHA512
5a6c5cf8deb82bb0ea06ddf34ec89a1e6547a917488e31499a281b84f01f3f16cbb672ef468790c6c6442e0d1726cca9b528b7134b8c4593f8f6d81b4c2cac9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bd6c71f0b3799d381cf21cb1ac98f237

SHA1
c9bb70a713ad7e2e31e0f099b08b71325f951a44

SHA256
7489156818f89dbc2bb7849719f78480f012d5407293263fe94b5afd2b761278

SHA512
8deb72ac61480676a297bf0788cfd2fa0ea4dfb3b405451a467ce1944f1c8282d7a51d8f1e6cc1da90850daa19ba373beb0573f16a387912cf16d0fe0de5a994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5234dc6cc0c48209481dfa5bf70234af

SHA1
53ae9e31350e9dfb76915477d596fe4d52fef14f

SHA256
201562d17a649608221378a316c809765f0a2b9b4edb78d0803c46e556f7553d

SHA512
f632f27b5522e9216e3ad4635b1c4f226dab0f0c1c02240d3ede0f3d7fcde640687f4ac4949af514e42bc1966470511043e2662d8a557aa47c1446b266d20351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b37c2848cbe2ece2c254346a553fd114

SHA1
aa41c62588ac5b7e7afb1b3f7ef7092afd6275d0

SHA256
31f734ae161a209160c24ee468115d8f3d5239e51bf3b753063255f212d41fc3

SHA512
ccafd335dd6709e646d72bc1eb355dfd8e3c26be9cfd276f5f5cc1f482433689f1d4b6ff2f24fb439bfd0b5f989b6e82fca75057f76aaf8ca0b02a97021df93f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
db01580c758d26fc5513901b07c15d6f

SHA1
2a7be18a6da480c9492c62ef7b285cb57cd9c78f

SHA256
af5a258c403c17f214056f72c5f2ccfaa7d5b742facb4f980f00c774f4c5263c

SHA512
2a453b0c74723044a9685b63da454cc3ac1d807cc2b77b369b828fda87f3928b951a87b253ae90cca35f4221a822bd0c936b86f8a43028d74a5ddd94c7660a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
76bb00a6885b757948f9062cb69a1888

SHA1
3b5513bd29ddfa2b331dba7c0f744348b4751b3a

SHA256
52a9e980374b96722f0beb23cbd8bca02bf59b2d2a1467b8e6484a9de78e35c4

SHA512
9371ef7bbbc87f32f59619be7794250b40ec18d69bd37c06e1ced0fd63c13ccce3128a608c3ff29ac3a060be9470708ab1fcceee792b022b9d19175ba298bf45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3201e52822f3c01e0f68ff4bd87db351

SHA1
d14d3e1021aad7f208a52e4445734f88d3548fe9

SHA256
abd5343a4a11d6b0be9fa75f6603dc7db0bb9d2e5551e05c3533f5a9ef5c6ae8

SHA512
0c445f8a27aaa969b5e0d7928028dfd7bcc1444a3792bbb8479b1c3ab6aeb1917cb3c67d8c8124a8361b37def850cc89dadb6209df2af50f6b7bb7dd74353c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da43.TMP

Filesize
538B

MD5
720dbdd994d0e73df7ca9f7fba225fed

SHA1
b1612839c9388c8541e0bfee51bf05226818657b

SHA256
af9d10a247c589516f9598cf175846dd21a02580b09256847a102f2391b21e53

SHA512
fdff8968a14ab7961b55d6a207a9813d1d986dcbcfdbcabc5169f4978da2a2b1ed2dee8faf35f184840783458a0a1bf812898a2092d8ad2670d240643c97d8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d268f95cecfbd00db0e620178de6fbd6

SHA1
4a58b802d739f42dbd3763633f553071dce2b332

SHA256
46f17b260c4b9e77cce65db2958ac9c7ae1a96d85d44a8f067bd2eceabb9b2ae

SHA512
bb77fc34e599f2e20330e31d7a7d800a0e0a2e4ad60aab30fcb8dc2630d0ad1802c5147b10dd456ffb596f571d6e986485a8ba5821ac6ba566ee8807ef368896

Download Submit