hxxps://gem[.]godaddy[.]com/signups/activate/MS0tRThoK2FMYUxNZnd2R1VzcDFNK3M5b2pnSEh1a29yY2MxQ3VWSkZLeU1VODc2ZU5kMVB5U09mMHJqeGxUQlY0dVVDeDlxKzdMOWJSN1ptZ1lKNm5BSHM3eC0tTTMyQ1JJZjFRR3pXWHVINS0tbEpkNlBBR2djNmhjdW5ncER5YnlhQT09?signup=6868623

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2023, 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gem.godaddy.com/signups/activate/MS0tRThoK2FMYUxNZnd2R1VzcDFNK3M5b2pnSEh1a29yY2MxQ3VWSkZLeU1VODc2ZU5kMVB5U09mMHJqeGxUQlY0dVVDeDlxKzdMOWJSN1ptZ1lKNm5BSHM3eC0tTTMyQ1JJZjFRR3pXWHVINS0tbEpkNlBBR2djNmhjdW5ncER5YnlhQT09?signup=6868623

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4380	msedge.exe
4380	msedge.exe
2312	identity_helper.exe
2312	identity_helper.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 816	4380	msedge.exe	39
PID 4380 wrote to memory of 816	4380	msedge.exe	39
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 3652	4380	msedge.exe	86
PID 4380 wrote to memory of 4552	4380	msedge.exe	85
PID 4380 wrote to memory of 4552	4380	msedge.exe	85
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87
PID 4380 wrote to memory of 2744	4380	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gem.godaddy.com/signups/activate/MS0tRThoK2FMYUxNZnd2R1VzcDFNK3M5b2pnSEh1a29yY2MxQ3VWSkZLeU1VODc2ZU5kMVB5U09mMHJqeGxUQlY0dVVDeDlxKzdMOWJSN1ptZ1lKNm5BSHM3eC0tTTMyQ1JJZjFRR3pXWHVINS0tbEpkNlBBR2djNmhjdW5ncER5YnlhQT09?signup=6868623
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffc53b046f8,0x7ffc53b04708,0x7ffc53b04718
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7701157581452804111,6350427574773912947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea03d9602828b2d8f2b8817e89b06960

SHA1
80b3dad92c2312b04b2a4fae005e9cd0bf6d4e71

SHA256
e116c715af3149df19bd1b776adcac0979f08efc2568690dfa0d068dd8d6209c

SHA512
cfbc15f519e58578f2a25d6eb75784f64e836f93c78d72c4c1b06f4e47016135625ea5d8db1540a6aec3e1c60732d45f1e1f2ac6c007c552835fb4d71c474a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4330061cb8198c073ec9b7bc13867891

SHA1
f1f112fadf5fdc7bd769ef1e9f65c2057bbf1714

SHA256
f5ea68531b7152657d6c904507939eb8e210b2108b5503213455df315a893189

SHA512
8b773452bb84199139f21ba0f2aed1f2a664049b223cf35fe5f68b11f39697c05fc6832da0f3c854e2f3f896d2d93274ea4d121a4bffe6232ea023fccfb1dc51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
469B

MD5
3e07721efbd67c8926690b3afce78968

SHA1
377b865a578897b9171eaf7ceebe156452411424

SHA256
06a58a0145bf6cec0c569fc2a3c4db77611960d0f59d9e91dc1763450d7f6c8c

SHA512
10d4c79772bb500e5c23984111366adb1bd9501c0246a61dbe08600a6263a77a7208c105e45865c89aa79de295396b7f1b7780ca985c4dedace9810c5bc1b804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7fae6de02e14c240a26fafaa8f537a6

SHA1
fe3dfe38e9262cfde8572e1d33f46217a2dad021

SHA256
3db7a0862ddb5bf399312245930e6492269f0d59b8e6106e0d81c9df7fa8fd68

SHA512
3ec706114bcebafad202a3ec30d394753609b772c2d8456441edae321dae0792b6849cbc3f2a0dacb7cd6d49a2bc79ed29346b3fd8f8c8e64b36b7e7b93110b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d34b945dc468f6c8e52afaa341ccb92

SHA1
6cb102f42d4fb6cfe16dcbf8982191bc2608e71c

SHA256
6a700dece8febac6aae82ce6acc1cf62fbd783c03db04bb7c915f30c07948b54

SHA512
0b362d27c54640640dda5750c573c086a9cc43c620aef88288d1d4a9cc7e6d606ce66febb51808f97124760dafa31291b05543d2dacc964771332610f4aa3643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a969991b4f71d534fe3befae5f7e042

SHA1
b8f83c97433ed469eb2107bbbc9282067d59fb2d

SHA256
360864dc52a81f3edc11763b12ca001ca2382ef0e67faa838ae28884b0579e87

SHA512
61f19b4ec7de4858197f2337bbdcddc9c04f8b2a328ba47d651c1bf1d1efd91c39589e44266f96ca86a4c4a1544db7b6ef1d408e954af2cbf256e79fbfe382c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5932e367fa02188254b322df37cbffb5

SHA1
9014c7a88235332acc6050e792f5160a9fa8332e

SHA256
22cce4965574bd8fa8532368d69dd24dc2106bbbf2a45b6e6a7c536a9d87402c

SHA512
40a05fca3e1e6ea8c1c2a3ab9865e1c8a032d53d51e21b92cf2263e7a8cf4b88208939a3f0fb327b2dd694c0f89f6a1291a162415b9be846934623780f6d8f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
4b20835c3c7ac4611e7961357b664023

SHA1
6802d95a7232ff5a3f001e3dcff1d8824a4a9309

SHA256
ceb6f4ad57772f78245f665b4024b830dba38860ebe2aeba96c98b35d90ea421

SHA512
baf7744d4bcd30f01e82d8aa003088c594049c03f265ea1da3248affce90d84a10f791f4b0a13ee5e4c58f2e000e82a7cd24043e039228a8e69adf4b775d8608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e08c.TMP

Filesize
539B

MD5
7dd9ab586a345d6095d2c7718fc7c5d9

SHA1
ec143e0cfa357a1fdaad5dfd7d0551015904be5a

SHA256
ba4e0ed7df8780ccac1bd224839beaab4035df8c2e429c3bba08de6aa0cb7042

SHA512
f44bfbe36871fd643b98876863dac213bb14c9f26ff35ef7f71a159f957739850ad5b26a4f5f4fdd41f6ac4f218f8a4af25d8d56e02712fa4220682d667a5098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5be16aaf57c4547240f9b9b37630dd79

SHA1
79b6a2adf03979171d20f10aa9fee601ecfb9927

SHA256
aff714a8437a4179977f3226807fc81dfafa7e5370a937f55b41976a9a063fd3

SHA512
09f8ddb99a7211f0a02af1ef31aa93573035c16b85b493d21c33c81b06df2dc8aaa4d0e51c18b68a273ab09640991ee984114bf43b152c107276d9ac401f1e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c440ea89d33d55b46fe0f8c47c7e760d

SHA1
2d136cc315fbc21994eb3b04c6256b10cacd78b6

SHA256
de4e4263947bc3ac3e9666e58b1fc5d03fdeb2dd67aa86facf9fbd8553ba52c2

SHA512
1c1731150cecb9abf9c32294e748d2c457f5ca8e33ffa5a9cfd1b1301165f331c7ddd293b6ed832a03ce222bca1995d346e51754a3b2b597a725d0709cb0f573

Download Submit