hxxps://login-micrs0ftonline-sharep0int-businesssuite[.]work[.]gd/?yzpuvxsu=fe3a826b1891646a91635b50de55a5e900126c01c2b426ed0390207fbe6434302daabf0fe5e6917a273be83a8175d960fc234a1ccb995b92efdd8c1251e7d360&emailaddr=brad[.]wiese%40volvo[.]com

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://login-micrs0ftonline-sharep0int-businesssuite.work.gd/?yzpuvxsu=fe3a826b1891646a91635b50de55a5e900126c01c2b426ed0390207fbe6434302daabf0fe5e6917a273be83a8175d960fc234a1ccb995b92efdd8c1251e7d360&emailaddr=brad.wiese%40volvo.com

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
3344	msedge.exe
3344	msedge.exe
4348	identity_helper.exe
4348	identity_helper.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3344 wrote to memory of 4004	3344	msedge.exe	31
PID 3344 wrote to memory of 4004	3344	msedge.exe	31
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 1880	3344	msedge.exe	85
PID 3344 wrote to memory of 228	3344	msedge.exe	86
PID 3344 wrote to memory of 228	3344	msedge.exe	86
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87
PID 3344 wrote to memory of 2560	3344	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login-micrs0ftonline-sharep0int-businesssuite.work.gd/?yzpuvxsu=fe3a826b1891646a91635b50de55a5e900126c01c2b426ed0390207fbe6434302daabf0fe5e6917a273be83a8175d960fc234a1ccb995b92efdd8c1251e7d360&emailaddr=brad.wiese%40volvo.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb502d46f8,0x7ffb502d4708,0x7ffb502d4718
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9394555960042274991,2153994519575089774,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f95638730ec51abd55794c140ca826c9

SHA1
77c415e2599fbdfe16530c2ab533fd6b193e82ef

SHA256
106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

SHA512
0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\679f0670-0b0d-48a4-9b04-84ac9e395aa1.tmp

Filesize
1KB

MD5
61367483c7fb4d1c77793f6f9686f3e0

SHA1
00d719afac490e6f0d35c57b6a8d2de335407b5a

SHA256
cb06e2d0714bbd0e7a5eb4bd32a832e9cc8d217efaf8447b5d7844fb1609becf

SHA512
a0b73d7fa6eaf78fe969ccdaae4115b927b207585c01846d2f7f03a2e637fd5a7823f9d1f97885bb55f02734d54089cdd3131549eecb958a50831c4cb363228d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
d77d2513751d78da617ffca9b022d9b3

SHA1
70402ae36d9899dc7c7794dbf857980afe5285c9

SHA256
f85cb9b046371c51773ecc8b4a60f967e2b5d4d83814f0c8476459ea08cd5378

SHA512
cca0c6f8e9ee3e673aa6a4b92eb2012caa469f343be5dd5b89f87b106ba867dd4f6243e95c42b8f5cfe23dc2a0785e8b722fe59cde13d08bf8409246969dc1ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
672KB

MD5
3b72e939a304ce05f0ceab4a0ac39dd9

SHA1
b2cfd3cb1bd0ee53c795e040063d0f55f544d939

SHA256
cc58721894324d6f6f53b7fe4cb0d08f923aa75e52506c0a58d29e4390b7cedd

SHA512
f4af43ba51b76496c98a30f06d9903440c4957e18f82b09d2b9c706cad5939446d8baa4353fd0620a2f68cea79878824cd2313594997f0f8403c13ff767e6112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
7ebeab669265431ac5197bdc499fd8b3

SHA1
dd932362252099f38c554b0d092b29db2e2dae42

SHA256
f8ddf6384562b81877a42dbd1745093a7df591e44640e2bf49c020b5c25a8fcf

SHA512
715609b57e6b500a9e1d6f549ea5d0acdf8fbadbf9b314b99f48c6e582b186cbaa8c9adc530b3fccb6c429fb79adf5c5af255aaace32e3fa2a05fbbc3ae11799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c13c53d77bd142fa2ee71f60f9112ac7

SHA1
157c00fa313630958052123d9be08a2b8e690ae0

SHA256
08dc4c574c31dd9f834e035db89d3c458c9ba33a604afe182fcaba1472fbe234

SHA512
02d5a3ce5ce18c7eebc5645864b217f834ef7b66f97a095216aae2f9eb13254166b72e3bc7596e217cc81c3f02fea7cd5ef61d48e072a98f22958ea54732e9ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
a2a2c270fdc9493266dd35826e6a92ea

SHA1
d4cf31fed71ad26110ee6315a05fec9e5a96433e

SHA256
dfae390dbdb7685ec4a7c529ef84feef4dc469e18439fd7f575d3de29b57ac5e

SHA512
bb170cb630f06670e26dd68cc671d8856c7271f444e15ea194604d9cee3e9e4527d52f66b8a6bf2199b015a7265142c6c022e31120f71c5efddc307b6db04475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
204644ee35a8b5a4a3103c4378dcd023

SHA1
cac3e8b9ac8722f461b8c2a4596095ccefdf81a2

SHA256
e4ebf9f5405ba53549e45667d9db4b694c67d87df0d3043ce0f7a73130aac5e6

SHA512
cf86dc44f19594ca59d14c22f4c331d9bb46d5eac2e0fad6511f04cdc7ceaadeac08adb4f9cadeb115b651d91a7b7251d19436292c8fc4a7c40093b121bc7d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
425B

MD5
e71754abaa2e61a81d5464e5f322c6bb

SHA1
ed51b2bb10f2c0b2032b89d199d56b1d86a65b63

SHA256
2175ddd06fa91dc44f9fc31a179ca10b597c68ad3691d9dbbbf7c26a5393077c

SHA512
e6cde936617fd7eb52f6c99e1f07faf75e113e585b42ba57e1a4c79cac687ab32ecbb269f4db70acc14949b7cd9e96565a2b5a1dc147b25139751fc9e484c82d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ba3a873939a51e84531855982baa20b

SHA1
09da940389a0bc5009b8072ea666d63c26f9355c

SHA256
f5e2e28bf344ce8e52e6ae06618227e3831fe8d32f8a850e232749d7848416c2

SHA512
ccca3d4fe4bafacf230dea6c5353e100b6e7c6639e02fca035f7c56619e67c9526d04cbdc79a8f2ebff7fbf3a17ca7c9f6e6915cba744937d80ed2821cb242a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8cf8a5f1ab8325736035455d804f33a7

SHA1
650c99f52ce61d20cda350b9e8caeb9c00b7bcc1

SHA256
7c7cd4a2f4c356100dc8e08efbe2b3475c30e24bd4d5b927462a68bb99e26708

SHA512
3524ac416301b8583abce6d0f0dd78a593500f8f9db795f1dc9b4fdf0db59bd45d00deff3479c77d32db10fd6cd76abe60eabbe3b4950ba55a6e5012d6aeb5b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df16c378c80c19c484b3545d4c9b0fae

SHA1
9bd7f6a02d84c28373b198877e78da12cb537fe5

SHA256
434f0136b3286f391fe5a9a0e2b675c46ad61ebbe1c1333798b18b98ba250785

SHA512
7417ab6c2aac5a28ca3acbc576ba73d19da746d5fb492267dacb46a8595da77be9338ec620a882005d871875aac61632577f23b44a170892d1cf871416627343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4a078fb8a7c67594a6c2aa724e2ac684

SHA1
92bc5b49985c8588c60f6f85c50a516fae0332f4

SHA256
c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee

SHA512
188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f85d9589dae178ed0e03adf1a4d41ad6

SHA1
d94d480445cfa6d667d17bb074b8caebc8877e6f

SHA256
7cc358f66fdb7724602d520b057c36f01abfe10fd87d6e806941b76febe10cd5

SHA512
60f02b582930ae7dcdd381a9039483da1f3e9a3ccc1f26a895c7fcdb5ff75aa4bf37f4a71cc9d86409d277e1142672be1e7b5ad89a705f026ab2166f02387a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1188d3000577244477e71dea967395f

SHA1
f32499896fce73c0ed127b8295b0e88899059698

SHA256
9452012c7af1a53d84edf0b3a759794d1060acd8216a0c5783b2d8105a348a69

SHA512
1f5cbd8997f85611f65be439e07d1f3ff2dac02b89d6a38278bc2829874a7305ec1cac99faf8c7e6e7a19a9c55011a9b4fa7e2f4008fce4cc0f4b06db100a684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31cb6463f4ca640cc7d46053d0019937

SHA1
9631887c0054c3c38c3b9771c62de4c1d73c4d39

SHA256
2605b3edc7fc51214140283d43871ffbab7ba73a781702b6e171115529c8bf94

SHA512
d2e6f96daa7015dc7321d367e291604747f340162e0073514e687c6f6144b7130997bbf2b7e5993f9502f09c085ddbb1822fae546d26b9139420c0a5079bc4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e781.TMP

Filesize
704B

MD5
5a8b9f81e170da42fc59febbe559f514

SHA1
a9f74aa1f17cb03ee3a87932f4a98d74c90a9daf

SHA256
dce42ec26fd77153ffb553eb9be19dce10d2eb2de13c63601055b7ef9be8eb52

SHA512
99ad8324cedf5b45ee3fdea625df96253a07519d3a901f16765ce7b3229fb32030c8da8d2fe4c83c347c5ce817b521975e500c63823e80ab99fa088116c2668a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aebab82c-f0d9-4701-b04e-b7fdbb953a79.tmp

Filesize
1KB

MD5
2303583f94902baeb1a9125ddede50b7

SHA1
80c3b8087c6acdc2bb77ccbdbd4e550f7f326cc2

SHA256
8759419daba6b62a3ee64114bc94a91d38efdd18c642bce9f6db49c73b42664c

SHA512
ef21f8bba4c225156edf6011f18943ae7caa2983ede7a6444a0b7f6253dcf898c8e58d46f3261327d9c3f99acfc61afcf91a01055c8c3a5fd4359793abd6af8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
78ccddae14c0f5a6c1a5a23cd749d00f

SHA1
b6fa8861d0d5f9bf214b6ffd1ce5cebbabefa5a5

SHA256
432d8c0be64e274160f39159f85ce1b1460a8e031d530046e3bffc9a9acf29e8

SHA512
22e2657d39800993d5d5ef1e76bd2cf1f1b2213e2497ac04c731735a50f50855fc1fbcf26c807316142375d7452f5dff7122062f14dc424045333968dc210288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9e505f6287acaba5a759e4c78634149f

SHA1
e67ed39751c642f180d988ae64c099e3957bee32

SHA256
64cb978a250c4220c7319c066ec711b06823b9c1cb69133c665d14014f7f2bd0

SHA512
44a8a734b37a3548ac9a9d9bbb069146a1933d22f4cdb47a81bc985cef01aaca65c80918f50af66994ead27b8e30246cf5468a1b258905f06c35d9560a2c1281

Download Submit