hxxps://www[.]macmillanihe[.]com/page/detail/interactive-general-chemistry-12-month-access-card-macmillan-learning/?sf1=barcode&st1=9781319249007&loc=uk&priceCode=de

Analysis

max time kernel
155s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2023 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.macmillanihe.com/page/detail/interactive-general-chemistry-12-month-access-card-macmillan-learning/?sf1=barcode&st1=9781319249007&loc=uk&priceCode=de

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
556	msedge.exe
556	msedge.exe
1752	identity_helper.exe
1752	identity_helper.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 1688	556	msedge.exe	76
PID 556 wrote to memory of 1688	556	msedge.exe	76
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3452	556	msedge.exe	85
PID 556 wrote to memory of 3456	556	msedge.exe	86
PID 556 wrote to memory of 3456	556	msedge.exe	86
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87
PID 556 wrote to memory of 3952	556	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.macmillanihe.com/page/detail/interactive-general-chemistry-12-month-access-card-macmillan-learning/?sf1=barcode&st1=9781319249007&loc=uk&priceCode=de
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaf5346f8,0x7ffeaf534708,0x7ffeaf534718
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11733318825234125661,5986884782892353882,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
90e7556695949416356bc6f59f7b8605

SHA1
d96a8e476e6086f0645bba49ea2ce1b25e9adb5b

SHA256
283e536a182ce2c9cb6aa4a0b10cba0c0a77bd253122bd769301435459fafc0b

SHA512
3ed3d751d3da1040e152b4aa1f2b9448f46453b409ce621746c60af02e1d63dbff106e1dd956bb6b4c84bcce3d04af9ff93e60617094a6c52f2ce3e4cf22c1b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eaed555a1d9e20cf32a2360c82483f33

SHA1
71a38a808816dae14a7694fb196920f52a3f61c6

SHA256
12e1029bac477730489cea36cde77ed66491d2acbadb56adfbc6e315f64a6eda

SHA512
81d5307c9bd15237a8d2c8a129571170672f203189f219208fdfef361b35223dcee894d237c4f7440bc4e05e08af38d0928de22752349fa5ff15370dcc5802ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7bbbb3c8c6f9f7fce4dd20f1a2fcd749

SHA1
c3a601a97c1d05fa9749031021a602dd285c3d6f

SHA256
20971de14bfa3a441de10669f3064aa55afb1f55b13653318a26271e60df26e5

SHA512
5719bd1116751c0aec76a8248578863dade1606215e67ed019864bf44a3df009342d24a1df4fc8232d39287ff20c91effade9e3dfa748535c8589f26502c45a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1dfc9541af3e183d29df5c042eac7103

SHA1
4b37b53c27559a9e089532f4dfafd637714a87e8

SHA256
382c5b5d868c68fe23b66b069e0c256d56940ffffde3981aad74d72ec8c16626

SHA512
3af7e4b5cc1b7e4041d640332196aa251268b07e4ed946a95509653190f22fc7d9327898c334ec4f3b62f71e6426a3bd2184bde98c591203584fed1f1b4a3205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
74b16545307bf7802264b019f8bdcf0b

SHA1
bc7a582c9cbb09457e6255dff927ca6028ac215f

SHA256
d873156eff0c84fab89739d7c3d09253500ad7d4c885c42def5ce6b6acc38bca

SHA512
63041066bcb1e3157a15fa72a380700746989adb24ed5f6979c272ce3b95becca9aad58b9c02c9871b59eb55579ce8f422791b6132ca7a62e9fe53e370fb8550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db3c63b52eebe5719c53b475c1dfaef9

SHA1
78297bd774d648061d9278b30d618297daacbc16

SHA256
4dab1daa5ceafa30bd3c92440a817e2ab7679f102e410a86372886f30a19990b

SHA512
d2e540c883f4915d1e217be0bba6e76ab7954894c55d9d602e6a4f4cfcd24f4b9aa0a7120a5c845ec9bd193fb238be64d67b949401142552a307bf996b7f1096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7103b29868c2f1206841906e3671ae3a

SHA1
c2ed57c41529670403989462e419a72544c1aac0

SHA256
d4cc0b052971cbb9af381e4342ae010e03f33a21ec30ff38e7c33ed1d7f70d26

SHA512
38fb500787206c5767ebd5ef697ee8c936c0185b42b1bf2fcf6983ab03650e5c2e8b51cf9617cc1b98ef62bdf3d84c28b8b1f51f1d5e70b867b1a4b0aa4ca417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5625290ffd2b003ab141f9349c5d2ddd

SHA1
b08fe16a7010dda419f0a78cdc95032ef64cf369

SHA256
f9bcce62ba91b13637ff62be132fd36d0bc825dbac24670f1c5076ff45c43ab8

SHA512
bdf9d1c91d0a08df78811d53808e8baa6a7072bf024cd9ecc9c80cd901a9b59c4ad4e243b5cfe731d65e1dd476db07d5a0df14c95e822608de3b5be9e7ef2ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587dd6.TMP

Filesize
2KB

MD5
0310af283346b99e14c93a8a55232101

SHA1
280c58d9e1ddec6b876905a8e153ec30151b3fc6

SHA256
5e8aa21a66f3bdc1d08af086d7e9fff2bb52be32002f264861225a6a121e84d3

SHA512
4b33f2f204a8f93e2d11819f3ce3274aa068dc731a3285a0a220a42b8e1cd178d70d1c6212a1d7cb8db76b49f0ced541b562a59ed47519492938b3aac299722d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c6310da99342ca1384287c368f68e1ce

SHA1
1278828bc00934bf4c16227085c3d171349494ea

SHA256
427dd31419e04b500215f63a7ea677f8454f983eb9dcb7841f5abb8042f24ccb

SHA512
d17629e3943749c14ff1333d94a6861fd1764d2119fa6e5db1c93e7e5ca6c6a4f25474c1d17d4d1ac8182fb99216b01eb7f3e8b78286f533781b92b1a7341dff

Download Submit