hxxps://forms[.]office[.]com/Pages/ShareFormPage[.]aspx?id=iTARqgAd5UqV7QMdokx8z5JQ4K3tn3VMnOw2L2-4Y1tUMktJTlFJQTdJREpFTzk3MjkzQlVMVEdJMy4u&sharetoken=gqbfHeGszUYQ6tovnpYM

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2025 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://forms.office.com/Pages/ShareFormPage.aspx?id=iTARqgAd5UqV7QMdokx8z5JQ4K3tn3VMnOw2L2-4Y1tUMktJTlFJQTdJREpFTzk3MjkzQlVMVEdJMy4u&sharetoken=gqbfHeGszUYQ6tovnpYM

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Detected potential entity reuse from brand MICROSOFT. 4 IoCs

phishing microsoft

flow	pid	Process
75	1928	msedge.exe
83	1928	msedge.exe
155	1928	msedge.exe
155	1928	msedge.exe

Detected phishing page 1 IoCs

phishing

flow	pid	Process
141	1928	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
1892	msedge.exe
1892	msedge.exe
4492	identity_helper.exe
4492	identity_helper.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 1192	1892	msedge.exe	83
PID 1892 wrote to memory of 1192	1892	msedge.exe	83
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 3760	1892	msedge.exe	84
PID 1892 wrote to memory of 1928	1892	msedge.exe	85
PID 1892 wrote to memory of 1928	1892	msedge.exe	85
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86
PID 1892 wrote to memory of 4128	1892	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://forms.office.com/Pages/ShareFormPage.aspx?id=iTARqgAd5UqV7QMdokx8z5JQ4K3tn3VMnOw2L2-4Y1tUMktJTlFJQTdJREpFTzk3MjkzQlVMVEdJMy4u&sharetoken=gqbfHeGszUYQ6tovnpYM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9ef746f8,0x7ffd9ef74708,0x7ffd9ef74718
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  - Detected phishing page
  - Suspicious behavior: EnumeratesProcesses
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3144 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10789545575276146967,14214315040075890582,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
56KB

MD5
576d2203e19a860b95bb67c655768c1e

SHA1
163c9b4505fa2f7b1ebdfa2854358b709c75614f

SHA256
9fa77b26be0bf9903945803cb673a12ed6f1edb5724ad41c34effecc9768df9f

SHA512
ab5cb50ef698b84cd3e6abbe7ba0161ac09dc81e2aece46d401ed7ffb6db5ae1600513cee80d9d0ed3c087c49d7b7b6e55a08595cdc99691ee794cf277da1ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
110KB

MD5
f3588c5412d4119f95e47073a4a5df72

SHA1
3c4b1652e71c25e1ce7de611fbd17edbaae411d9

SHA256
6cc79c59f00478ce5d8eaa982efdd8fc3cc205a7ea023a564bb2688fa206a087

SHA512
62886f8bfb32d2be842a23eca157556c30ec1d616e2607d9df1894f702bb7a982eeb3576c95f859b4b8e9183a84d70149a8802f31317f80d4845b02ccfa018f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
444KB

MD5
318277becec5e643dba9be3421eb324a

SHA1
dd0994446a87d436b17bdb694e39967728983fe2

SHA256
b0435f108a2f6eb68a963b03198ed96d554bf34774fcc5a11137445f9a9962c2

SHA512
11a3da52efa5104a89b01900f1732730a9b05f1434b3b350281353734c9d85793d65c100c96060a4275f2b61b986ff45b8aba71462a9a9e4f4eb4154f091bb2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
119KB

MD5
9cda699a84ca8729faf194b8efddf6c0

SHA1
804f83f5225243951178a1f785af2b897b87aca5

SHA256
a7c6a8173409765cfcaa6925cbf2ca7732ecc5b353fc8274746fa4bf4a1cabc4

SHA512
fa7a94976304c486a8a20c0672c8b4dee5532099434b475b36c230498db14de99596b54ae95a2c9d2601eabccdcdee4df5a1b21231f18e6ead9ad453120588eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
116KB

MD5
75cf78d0e38c65a538ad253ca9e48dbe

SHA1
bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6

SHA256
df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0

SHA512
81383e4fdae1f34f8e652f69058d57a2a4bd0a77c2c41c3174bee0ceba83a8326229c2a74eaf415bfbd34382b1c442a97c41034f43cd77a391ba9b4daae65463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
185KB

MD5
8cceadf24fa4b3511a0e46572ba17750

SHA1
fcc78757db6e18afced038a26315a7f8f9d94560

SHA256
5250852fd581ff023faceb535f86a0647ce7fe665001cf24e9ebec0e89c73700

SHA512
5144d95978d3883904b58a52e1d825a7ace6b4a956b286f1164cfe7a0a95ad7dfd98bb860db0045d611afa39f51d975c3f855f34dc3fdebe52a2fa2340cd086d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
397KB

MD5
62627959e9174f652fffe451cb318926

SHA1
74a1658a01c50b01546c3e8ae9210cd93c7144cd

SHA256
7e782066c034f36e626f218099eb0588cf0ab8e8df19003f48adbbda284e8fa1

SHA512
efacc6a55fe6e8c8160f68de71e1d21374e3f79c1482ee1a5543338caee97d4765eacb40f5eda9fdea9189f02f62e3eee2ebc3fef2bc730043cf644c044d7b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
111KB

MD5
9f02e24cd4e7788d28587c2b1cb504e7

SHA1
59da2fc24777cd180f6d3a3f7ce9d9dd90520430

SHA256
c30fd6bb912661057ec2eea9a2f135303a6d0f8d110bf11493b369286f0587ae

SHA512
95276c7f1bba2777f02e7cd3674cd0e967c96f0e0fc88c0862e82a7455a6c7d6cc90a23f9623412b3696f39f8c4069b17dc8fdf16c03003165d398e2080cad57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
2437e62031f6fb54083c8a4330ec4eae

SHA1
ea418d041e407ca70f66e70a367771dc0bdba610

SHA256
b2a293a9a02deaac11ff29d45d2b240c30b2ec9a0a04c818c88a4d99a5524eaa

SHA512
aa25ac06d706ac58b7d76b63fb0ace1a35bfc4f9c11c9ac18d2870aebe938902091dcc7ecbb0de446ee8aaf5d251c4fcd1b9e447f1129b50523fd095f0097cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
73287e63f84b2a4311197eabd0e21bf5

SHA1
9839e7d19ad8ff44d2a0648729252cf40985c2d8

SHA256
c91d3cf8ea501a65cfb1fb54bdda6fda09c19bdbdfa752b2286ca75eb8559f78

SHA512
5c3d4f7c1a6e31a8e51caf5b5baca5515ece7ecdd4964dbc57d58dcdd1d2c138e623dc664c6cbce71f59ff60225e41c3b961b2fd6a34086d09366eff549921a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
952B

MD5
c9424fc27c52433a79c9ea300e7af76a

SHA1
af46db030a725b183d9669b8694d806c049cad0a

SHA256
9dcaeeb42119922d61edf1e92a658cbbcc3d091da6dba132316276a6b37eb0b2

SHA512
6fc348367968258ef681ead70b77f1f77feb323a0212a7cde3df86c5af07fae804c638786ed5d91e107597cf365ed84686275b29743076d20d1f2f6767d1c1a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
21633374f57ac78978ea10e9565c72c1

SHA1
46d563faa64c4cdc8dcf6d9a4d4e38f82c8cbd94

SHA256
c1cac5bf17ec1f1bb5ccfaf2cf8a4cd0792809926ed3b8f2bd1e93d7eac492e3

SHA512
447cf9ac9a809f587ae2fc268c82b0583476abc7d9d90e46ae24b487c52eeaa5cad19b7b2709bf5f820cdad6d6c0245442c47a5184cedfc59e684979bd8cba92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6818b8e952ce946a83ecdf13de7aca0e

SHA1
c85992cdc288911b85b3f9c14160f314738c5f76

SHA256
3ec7070fe54a1f712aae2ab1527d02eece0c1f07294d0347b7699b2fecb1a1d8

SHA512
4801f78a0295dc2bb10bc95865ddce30a2203c3957d1f9e929b2a11e123f30ce69e5d363a61deb2e92663fbd6bdc2bacc6a77119765d2366af37492f4532c4fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
801045745e5e8790621f05a11b22f79e

SHA1
bbe6629305dc645dfa7a7d4f67d041e416e3cb48

SHA256
f7e6a008fd6b05dcdd881af1ec1c53c9ed0f81d54c9e10e4da970c645140e330

SHA512
91d842d261a1c5a19bfd1fcc2ca6be0c43a7d0879d08d0e4563efda21dc729e84f6ee6e009c4e7a7987b45cacc5f83500b9f300759d626d0c1de835acc843661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4a490cd6c44f58ec1ce420f75b479d7d

SHA1
e73a16330c4951dc8fcaef7acd83e5db01d35313

SHA256
e1c8db4934f984b44f6e93e86fafebd89354000e71761d42b780ca7833a5bdb6

SHA512
0e1c03820a82823e6222ed02b547b7169c1b90f958a4ad9dafb11edb5f2f0ba55556e0314c2172e4136e8810dcc6e604150abafaadadf37b24b8222b961b10cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\2a616ed7-b147-4d7c-83ed-3572e5fb53c6\index-dir\the-real-index

Filesize
72B

MD5
3e046e4011139e489194f3486a5b0a24

SHA1
dbd975dbaad2676c1c69dcbce260a7f2f72e2f70

SHA256
12187f852c9ede071a01ed4caf3fbf01e781bb57765d4dd33c45bc8a73075503

SHA512
3978ccb2752161556f7dba4c5b4cf7747204f5c22c3201ed749bb848e95fd6297583524a130646067474ea1ea187323da60a7a6e753a5016d1a5f25ae543d5c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\2a616ed7-b147-4d7c-83ed-3572e5fb53c6\index-dir\the-real-index~RFe57cdc0.TMP

Filesize
48B

MD5
196c8eac5a9fbf487d6fd48854d1b1fa

SHA1
fcbeef0a6f03c2c48499c6f3eff3fd8aa7ea583b

SHA256
f05cfa37d453d3ea1687ae975504c95a8d46e32db0675f64d18b16bef2519a8a

SHA512
7dc5a03524cc44fd802865e99bf7fc7cad15c44cba79b060a3b43d6a393b717ef2c743055cb9f939d9faf0f4aa6817c9f397b6b335e159955ba7a04609cdb4aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
92B

MD5
5dc67857e42217e4467a59271a33a80c

SHA1
8a16aa14bbe42f496f560456983da9b016f56de7

SHA256
32959bb61cdb97c018b214a5ed6fa1088e00ab5f3214cbfe317c9ac6542805c7

SHA512
ca37a7e2d6cf0191b163c74f083cf28cf1705be12be0f04732ba53baf9063ae202c1474178b024869d6936810483fab5468d0f0a9cde01d293b15f2bbafaf028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
86B

MD5
a5ec34e97268837c37a2af3de9c4a3f9

SHA1
3c6990646b58f2a25d7162d8933d1db9433a1ee9

SHA256
8618fc883637f24389b02540b0c05f952b5387d2616f7ea653b1048a135543d3

SHA512
3dede755d97fc6fc7f658994e02f61e2e134268e2e5ed7cf4f954af2dc5f4d0ad496dfba767d94bc2fd084591d1a1b92304e6b8d20f9bca326c0a72848651e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
791e728c20923a82c6854aaf1b8b1493

SHA1
fdc119531f0aaa9e2be9c70c5937003d2a2abad9

SHA256
5bb0ffc768e9e14b80f3c24e15b2b2dee55a200c3500c0c9c366befb2e190662

SHA512
94e2fcf37c93897c464a25026260c03586ee244279baa83a79e60212a3bff993eaf2f76f6670fca3e527ed08beac5e74e5fcb761ba48d6d3dfe136742a44a9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cd52.TMP

Filesize
48B

MD5
6e4945e0140ed75ed16b870b43509c6e

SHA1
042957388651b151dcc3b496487017b8aa8de1e8

SHA256
761a8cddfffe72719a95070894e9bc0fb4bcefd60881d4a1c60d7ec648405c2b

SHA512
eaf9e5e74d0b6b93d1f37d8ee49c870e7608a6ca0cbdc3fd263daff5598cffc799988520eff64f4be1a49e9da863f2c4015a463f3c366c9db728decd891cc370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
1c53267334a6ceee20555a642a988e02

SHA1
d0f775b3b23c86f9ae96f7ca7e051de0aa323a13

SHA256
842f4ccad4549eb8f73aeb3ceac0d0161b47acd847999048bb9979c07c9c7fd1

SHA512
ac54085bb1cd53b4e7aa1b2d727a8c14af6ea9092b778ce6b525a4e292f971604e5e764be9b6a4c8dd0d3f9994af3d9b36e113d5c19031f4be491e887929a365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
870b988e9fa30f29490da6dad59dcb42

SHA1
6cbb7ebf89c476f4b43c06c21506851abe8e918e

SHA256
0d9212620b51f151f9ea226ed3985a903219cbbdaed1180ffa9189ca0b34f306

SHA512
21211a57b73c8fada6b4e0608de786ef4aa997254db7a03f550e81d36fc52cfe697803d92edb6d720459d444b84900b24aafde790b8431daca3eed2da48510bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
699B

MD5
045cdf690d4bb975ab62ac4313325178

SHA1
e2416a00acd369b2290c55e23b44c58c1c55cc1c

SHA256
2138a5bd3a5267146ed0f63549acdc7e7b1aef2c34a8608cd077cc5036361e34

SHA512
21beed570f03d8b91f176b20d3b39ae07d97a097c14259073ee7dbd81cdea94d7ee6a79846d5cd1c527e5908a31b2c974e2c1f1deeb368c335a8f42ad8e78a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e0bb.TMP

Filesize
532B

MD5
0b5217fe425e1ffcb6f663d6bd2ddfac

SHA1
0b77db8e9ad11c78742f1e557f6ba2f1c6bf66c1

SHA256
ea9d855305df51dc417415a960fa7de0768a8cfc828422864c0cf19332148a05

SHA512
b4bf62dc1579ae5c2d530764f82743515a0c1c34cf2337b2dbbd6305d2dce0e61b6b9b3bd03655c78d90d2c370a8796184d33317a87b0429bb5aa5115cdb4ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2399e386f1021700bfc505357177f474

SHA1
7b7287727a03c638d2df160c37b47376e280eb1a

SHA256
0479152cf549af08ba8a44c3b0fcf318846b49fed337d39f29926bb4f76952cf

SHA512
aea725e8e31653dd88eaf9398f5acfd13cbdadfd40ce2fdb435ac44820d287ff67b542a52ecb20ed3ca0c3d8bbc2a65729aff7d45fcfcd1fbd82a7e374044326

Download Submit