hxxps://1drv[.]ms/b/s!AjQXByd4TyGZgR3gZRAz4Yw1jRLp?e=YUzgeF

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
30/08/2023, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1drv.ms/b/s!AjQXByd4TyGZgR3gZRAz4Yw1jRLp?e=YUzgeF

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
1796	msedge.exe
1796	msedge.exe
2072	identity_helper.exe
2072	identity_helper.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 3268	4584	msedge.exe	59
PID 4584 wrote to memory of 3268	4584	msedge.exe	59
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 4432	4584	msedge.exe	83
PID 4584 wrote to memory of 1796	4584	msedge.exe	81
PID 4584 wrote to memory of 1796	4584	msedge.exe	81
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82
PID 4584 wrote to memory of 2980	4584	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1drv.ms/b/s!AjQXByd4TyGZgR3gZRAz4Yw1jRLp?e=YUzgeF
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3af746f8,0x7fff3af74708,0x7fff3af74718
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1128 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2263276256309310530,14211142346291120464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
009646a350b910cd62aef2838407a676

SHA1
8bb3eedaad3e9f866771a934304740b0cac3891f

SHA256
47059fcc55d62b005f42fd1af4223021a17146f61166499e583f3b638a569de7

SHA512
ec60ee5c102e627934e90843901dd8bfeecf4b818effa109a6f8b2481e4da136accf12f2540038183b6a6715295a75de12651c1e97be401a086a8eacd3bb1ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
93405c8aa2226d57f9e5f2829ed635d1

SHA1
aec574b61a795b8eaa9a36dbecf1a45f6087e781

SHA256
7f191789ebb7ba5028b457c9c9cd7569d6e4e074d79722038b618bc31739fcc1

SHA512
0fb0ba3010410d4cf5a2288294c5ea5bf99889064fdc26c44efd13ec13c5caced8d328a8858a625585a985fbedd8f700da268287c5c29632e790e08e57d16d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_onedrive.live.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
31fbb9ca197bffa50261924f7d50a8bb

SHA1
1bf5ee713cb501ca7a6694f436bfc5c1fa698f63

SHA256
c5d1debf8183dca7305e19f6511d377cdcfef5f5a3a1a987c568b67852c59963

SHA512
0b62e2ffd9f08f43c6b0c2c8180b948b01644c8edcd92ef7b60e32574496c35cf78e4b966f62f6be2882eb414317150def558546d9e56261dc0b47cb42ef20a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfe246b50fcacee7e695bf6f0df163f2

SHA1
f61c316459bc92a35353f02d6b99b0be8fd91d66

SHA256
33bcb440e20bf159c584cfb3c4490cd6f997bd47529c04f8d6386480f98ed621

SHA512
f454619eae30beffe9a924b32bd99186ec6fe41a82d9b794945e18670b75337cfd6f04fafa4cbc62b3d84db989b221f995134a0394c4bed883b09a1c87a00a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8e651fb73432add4591d5ad3c050767

SHA1
e84d58dcd862e941c22b4597603e8258594f4342

SHA256
781e128f85e3b89be8d7bb1c682d77a16df9d88d5910f7262e6210461935570a

SHA512
d51522194aaa34b1760473ae4afc6650ece7ebebda1176893a23f6facd3da48146057f95c618f04a5406b3793a877e1f82069a9ba32b9dbaa463fb774de2c070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b67541fc6a55731240b3cd3e1308fc0e

SHA1
659e2f2e7176ab21e88367a1b59789427c51cc05

SHA256
8c7a95d4f1863334386ea8619383c456b4628341c1ccd5e1d5d8a37792e3e204

SHA512
1486be2163ed44c343cfce6b6f84e6415bb544784838448dd0a42ea3482177603125e4ff6380c90cb1e3df1ce0acd955a3ae8f5d4c058331e258565b3fe27b7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab9a6735b407551869365624238dea71

SHA1
b29fa38c510f093db418efcb96c92d2222d8e203

SHA256
303d8c09b0ae4593a27899170c6c7abcaa18668e022ab46f43a3070243cb080e

SHA512
7dd4661b0654835ae38ccd0c17debbdaf7e9fc03dd97a41b3c37e8eaa477307858a2f1ca691d0397d9bc4ed22bf10160682edd6a04180974b8311c2b39aa07c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8358176460a9684e20186a67cee7c48

SHA1
1a31056ba6e69de7f77fef00f9a8bd07203d4d2b

SHA256
1d72fe41ac4485b9c013fa59502c88f3a432250131880a1add9a2f246ea37503

SHA512
27649b43060b59a44bca438763c125bd43ed3373822843baf7067c40d924c648be6d0c433377aed3c731c5c0e5e730dfebe71801281fc765a5d811bcd400dc63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e62cc4051e1f8eaa0abda5d730a2496b

SHA1
d15346e40b196bc313cbfe5ac96b3c90b83345be

SHA256
ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

SHA512
3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5c3d66b4c396763620210ca29e5771d0

SHA1
09613b7046f6189b13e1387e58ff2bc5b94c5bed

SHA256
12e9d936836649bac19667c2594496c47bd6186a645aac36e31b2dfdeba18a40

SHA512
a56f772edb9a19e89cca58dc207cd8c6c55238a35970c07c23d9a12d93fc446f415252164d1e63386adc98128d5176fa6248a76b28bcd8a6462ef8994224a9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cfb4.TMP

Filesize
48B

MD5
9d2cadbca0fba27f7f1b133441a21365

SHA1
dfbb83d30e40cf4396adf196df81082af2053583

SHA256
4a88881dee23c1117e7195dd31917294482961090ee8a0d4d865ef9046698c44

SHA512
64355ba516217719e73121a2323ee8c7b1c9f6d8b0aee5a8bdbab4c52eee8fd7b097899fe33168a2b971cf1cb4172662b4d0a72e7ff4e21f93f9053b963fdb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9853c31a833b7b7f40a4308448a4b7a7

SHA1
eba0f54fa76e91c3ab0c28b2086f6c8aae6270b8

SHA256
d139cab913a542ae974f2dd23f2db8cca2f0b3c6d4e90c0c041d54d6d07d00c1

SHA512
98e64d95cedea1c50e2fb0f32eb9e625720791334f2c7d74c6849e3b2fe6562b09bc3f0152847226842f2ad7b9ad92b683eeb4de2b75e308484d16ad5921680e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1a6f0880629ce415de7424bfe4c63fa5

SHA1
8a71b14c90fc50fdc31a400e0e233d17dd30e200

SHA256
5c825f5c7e1d26676b0c2dcc4c99b283340349ea0903add65ebdb75f61d70b43

SHA512
c2119ed1fc80e3d99b1d9f036c6ad2d60931fef2bc81e99df1c17857d27678878971365ee9e4d15ac0805668c62575a5f1b4c7376caea102294fd52edcb552b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c4fa622a3c17455a9be3432323bda04

SHA1
41c741bbeb3e5dc453ac614b430d78e7fae4f01d

SHA256
b0ba101394ef1e3d857d1dd3a32f83cdf4a05a63177d880605af4368babc0351

SHA512
2c196d82576bf6c28b488e2aeb9d25901d08b22bcc87faa8ab754a4c6b1f81a3db8d8751493ed3a6dbaa1101c84bdac452baf10bccf5fc621046820334199e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c5d0.TMP

Filesize
1KB

MD5
c7c6bde2b60283c0369b38d6565e8b92

SHA1
09d79a5d7ab9d513589f0fc53f776a38833d79dc

SHA256
fde08a9a45d9ccf78ee9d29b2b2aa935f7b8d49e406943024e7a0c1beb9d3ac1

SHA512
90d9681e3f12ddadc2df7248d8fbdbd424fc7287e956467d1803ac66e4d4f086208e696f08345ef7ff87caee20867a4b173e9b711020412c7d4f3bd90ceacd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eac9dcd6d36cabd2ed4f6cb6bcccc7f0

SHA1
a658a10ef405751de202ff4c2e7c75d441cb5acc

SHA256
2a9086d72703fbce822728673d3e813a0b3bb0274b3379804efb4938dd7ee894

SHA512
4fef68f805d63c1917fdd72601aefac9c16bbb7731232018b50440135dba81fa22a3a41acd898314c400c85c63e0e9c8f58916ab40599a7d94604ccb99b43f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fca87be62b54e5dcd0ac06382b31be62

SHA1
e5c2bf176cd649ee3bcddd6b78079564d3fb14f0

SHA256
effcee2e16b52b7758c6d1ffe78244bcd864529f416527979349791ec2c55757

SHA512
7de4635cb4bb38a7488834d1fa0c4585ba43d79adbb0c6e5d0fcb73754e60f79086e48e79cdd1d18a78b80ff7413e12c73001be1240c702e7fd1f2079a008b87

Download Submit