hxxps://app[.]frame[.]io/presentations/d69c12df-2ebd-447a-896b-1e6f1f3877af?email_id=a85a46a4-31cf-4d5c-9cdd-34e0217e006a&email_type=pending-reviewer-invite

Resubmissions

11/10/2023, 19:57

231011-ypkassbg74 10

11/10/2023, 19:52

231011-yldzlshg5w 10

11/10/2023, 19:49

231011-yjyk8sbc72 10

Analysis

max time kernel
81s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 19:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://app.frame.io/presentations/d69c12df-2ebd-447a-896b-1e6f1f3877af?email_id=a85a46a4-31cf-4d5c-9cdd-34e0217e006a&email_type=pending-reviewer-invite

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4768	msedge.exe
4768	msedge.exe
2800	msedge.exe
2800	msedge.exe
1952	msedge.exe
1952	msedge.exe
4380	identity_helper.exe
4380	identity_helper.exe
5340	msedge.exe
5340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 4064	2800	msedge.exe	83
PID 2800 wrote to memory of 4064	2800	msedge.exe	83
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4440	2800	msedge.exe	86
PID 2800 wrote to memory of 4768	2800	msedge.exe	84
PID 2800 wrote to memory of 4768	2800	msedge.exe	84
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85
PID 2800 wrote to memory of 4772	2800	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.frame.io/presentations/d69c12df-2ebd-447a-896b-1e6f1f3877af?email_id=a85a46a4-31cf-4d5c-9cdd-34e0217e006a&email_type=pending-reviewer-invite
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8249546f8,0x7ff824954708,0x7ff824954718
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11260079935860072048,2791028626094076158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
3ee0ec6ae8b771a9066cd9eb9a253c08

SHA1
eca586dffd8daec242a4c99c6801ac5ce1eb77df

SHA256
6872e864114ebfe62b9b6972dd234f8994cfa1dbc60f535586d6e6b5db8b195a

SHA512
e8d110ce568e04d576daa3bf927fd50bc86c1dae328e661e8a799cf87d1990ab6b7f58adaded882683acee000c7e097a437234c8346d039b6df23d54b28906e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2675928a6b2f48f31c0082b04405bd65

SHA1
bb38d36b0b5b48350dd8853bfa6446ac94a0c2bc

SHA256
f38133e9a17f4593680a28206b4a795305ebffd626af5d065eeff45d378636af

SHA512
919a9466518764ea13ecb9f934aded983fec8ad0e719941dcbc993316978167e7ef4483a1925dc290e02b578039173c4f08da81496f5fef1ca2d096ea23ad60f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32c93295c71086f79ebc7de826758425

SHA1
8a4e935834410f81466f745fe62f7b987916e930

SHA256
8b52c8e855c5e4fd6a5d8a8a11795325b43b96de82292a7b21f725f0eba0db4d

SHA512
61b35b0b1f142e1dd8481f40aa72fcb6becc410d11afde61c3e88a24e963ee3865e4a8bc14ec7947f131e76ac935fcef006917c554557facf8c90bb1ae73c33d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a9a69a97eadf5bd74863b42a65497a0

SHA1
3ee6dbf0cf2c4027c9f9a00a69c2017dc97fe54e

SHA256
bf7be1abb9891c7664ac1f22aec89d7a4e092eaffa2440f67391bcf05896cade

SHA512
5a8f8e26f2f7d6519ab208ab3729a1270306b9f8cac97c9fc558aeb0a937c564b76e2cd7a3fff0214dde25f9925300587764b4d7df16c8558b1a22eab20f0dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d9bb3acbd292204ca8b7aca527b4a51

SHA1
cab286660b2d09ec55acdcc53b3078078363939e

SHA256
efd309c9ad4e66ec753abd94f2fea5954da2e8ffc412ec5ec7280c222418a5b2

SHA512
1d438525cd3e2d55f19666563d4ecaf4929248b3d64c9201a077aa32e8927ff9ee672271de4aa6a12368b094c18b76e11a136785f4a92c3dcd8f396b4d841efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b52b002e475206a1a58ea70231cf0ed8

SHA1
14b52baa2b396a4df89626c405f63e074844214b

SHA256
cda55f7b1533089222955c1e30650edd6006e9fbd99c962679c7868f1ff5ca12

SHA512
526615e4de3ae882a5a0b208dd03ae86dfcbe211ebea785b057d460c5f552b0478dbe291f8f73a2b8bbbe42b29bc51f334f0f03f78a77509460318a1f404cbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c3f79f0fd525ce32e105ce2565cad0aa

SHA1
dba5544b49ad5879575687e1163c549ce793d387

SHA256
ac3f00e3ece888c87a5667717ddf622bf1ed7e23c0bc4bd2c1893a87eafcc65a

SHA512
9e8df2a97db326ebfa2b0989de4ad8a41ace325d8d943ab733dd323ae5317ec51e54f6eed43dafb5e0d265a972d19816a02900b575b37f996e741c18859b53d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d555d038867542dfb2fb0575a0d3174e

SHA1
1a5868d6df0b5de26cf3fc7310b628ce0a3726f0

SHA256
044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e

SHA512
d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b79148740a8637bb2c2ca91a4146749a

SHA1
a563e214432d9134c038059164503ad7e888e8d1

SHA256
087a451ab4404c8f0431867471cd408a49e729d816642732ce06e916a31fb2a8

SHA512
b95e557eb7ebacede528d454dcb673bdca56d0da3509e58a7e3c02b1819cf9a144d685c545cd06febed354625d1e975bff095818482c9e75ecf8e17efb0f3d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cb56a0487b26a92a3ff63016a8d07a16

SHA1
a615034e6929aef08f502dafe78179c9a65e2ef5

SHA256
1e2c85a1631523d2225b3423d7bb9fb0f04646e1c4e14aa844b635d2ba580e44

SHA512
387f4846687a3f87a9a0ea1c77d2c9700bf081eb4047ce51616e7fd45bf235c769099cf94de712ee9bf89af7c7feaf1d9f65646caacce05f4b4ad33c31d37a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cac7d6a1298c76b688083b3aecd586e9

SHA1
9624f54e8ca76ead4e4154a862044d69a34cbaa7

SHA256
1b29c621b27c998d45ffdaf5f4ce4bc14ea126f45be122c0f9545fed561512b8

SHA512
290ad78b4fd92f2374ab14a1b1e2f210ea21635f9b0e8efd3d4bf113c3df6849529b8c9ac38afffa11fd0eec85fd517fc9fd13fc09d592e5ea9f19b6e69a3d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c8e.TMP

Filesize
2KB

MD5
b6e81f412b0f381b32c92d0f66684bd5

SHA1
6e20d8cf201b24ab686b86a6f28ccadecb267549

SHA256
5b97fe6ce7f422cdd2a0c563674386634038d041a610c8f73ee08fdd3f9f8ec3

SHA512
1a27281354bd745cb75fbbc21debd920a32ad422993dd66506a50f86e924493b622826ecf650c168c0f743fc865a3e988bd061d26243ece8bebd6b815459cc0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9760c9e370c491ad7b274ba8207f0cb9

SHA1
7ba4acfb96a98a87ef62773f222066e5b0c01f25

SHA256
1c69f644acb9a3052447389cee1111ce89eb381e83bef04d5b37e3979f708707

SHA512
223e91c95edcd54bb4c21085fbb395e1e229cdbfea4dd471ec17fcfe3f06247bc162abb5df5f47f6952f5e3fe808707f010bf505c660f0b3ce2824fcd4f47efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
95689f003b9efd33eba4b0e58e82a5c6

SHA1
89a61fac3e2a9b231f23de2225f0fd81860d2ef0

SHA256
dd189cbc7dae2d288f3a791fd4133a228d8f5b12dea5aab37cfe50434e7f6087

SHA512
24439e9f2fb64e45a7a396986cd8262ae55c034138c5bcfe5fa03419d4d8cfc5a80f1ab3c5718f7e707d56049ab74741cd80c0a2e07f1368610f44ca0eb4dec2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\NEW PROJECTS.html

Filesize
2.5MB

MD5
0602e6b0445f5698bd5a70bb6b60505f

SHA1
1597ededba46b6a3a6d84aef05322a884e5d3923

SHA256
71ec356704d6b894d2259bcf9492353cce57b85bd559549a010e3c2b96fad99b

SHA512
4f94cf8ba9ef7aba69f95433d5ef61154cd84fd5222ecca0d03fee6b39f3bb21d1aa9a3b9a3bfe6a654b49addb5c7ee2ca415db29a23ea0eacdfc871ef2ade12

Download Submit