hxxps://docs[.]google[.]com/presentation/d/e/2PACX-1vQuAhjrDGYcemgFcPzx1yVa7eQEod21UyyjGsUvaZxYHO9ZUvFxYlA8okUMo8tyyYQHLLmqZBka89Cj/pub?start=false&loop=false&delayms=3000&slide=id[.]p

Resubmissions

17-11-2023 02:33

231117-c2cktsdf79 5

17-11-2023 01:54

231117-cb23ssec8t 5

17-11-2023 01:46

231117-b65xhaeb81 5

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2023 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/presentation/d/e/2PACX-1vQuAhjrDGYcemgFcPzx1yVa7eQEod21UyyjGsUvaZxYHO9ZUvFxYlA8okUMo8tyyYQHLLmqZBka89Cj/pub?start=false&loop=false&delayms=3000&slide=id.p

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3368	msedge.exe
3368	msedge.exe
2148	identity_helper.exe
2148	identity_helper.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 1784	3368	msedge.exe	28
PID 3368 wrote to memory of 1784	3368	msedge.exe	28
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 4004	3368	msedge.exe	89
PID 3368 wrote to memory of 3960	3368	msedge.exe	88
PID 3368 wrote to memory of 3960	3368	msedge.exe	88
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87
PID 3368 wrote to memory of 4668	3368	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/presentation/d/e/2PACX-1vQuAhjrDGYcemgFcPzx1yVa7eQEod21UyyjGsUvaZxYHO9ZUvFxYlA8okUMo8tyyYQHLLmqZBka89Cj/pub?start=false&loop=false&delayms=3000&slide=id.p
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f1c146f8,0x7ff8f1c14708,0x7ff8f1c14718
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5978490464584975941,6944452027546383317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d9312c7-478b-4141-baf7-eceea0743f4b.tmp

Filesize
7KB

MD5
37f6af917cf0bb92c829fff0e662f993

SHA1
bc3a9ac73a2ea88ce0fea6cee225fc5397360ff9

SHA256
1a68c094797fceb4c5a2161a05e446227fff397b28f2618fe9c749d82d64a377

SHA512
7e4b8255e4644fb322b5f584efac0851515433a880bde25771fc9a56b45f9b8833626c5ec5ea74331ede5a678eac54cb2a654158397e3487749f311c425750d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
103KB

MD5
68b3385a6dffc8d64e019832acc918ed

SHA1
7d29dda429ced1040ee8959b5688387d4dd1b4e0

SHA256
17190922204c288b25c7db6b10eb4130b147c53171e442b25bc1f2d56bb74aec

SHA512
3c90deebed1c066b1629adda526ada2821ba66dc523910c71d84bac4d88bfb830965af355c132ba9d7aa84acb58bf602ed9b4c70f6e2f42a1b4cae203ae85426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
013ceeeef3b0bd3c1b8be2aa32c87bda

SHA1
ff6a3f800f73883db302f8cd00c3e40e953ce3c9

SHA256
8300f63ede14ca018bd57be797c53a379319bad19abca6a20eaf8a3e6c1cb710

SHA512
6c635f38cac733c042bcfbefadb280f26e090615bf0b6c26ab400bdba09ae005f4aaa46da54100effca98ea63721ff101b1059c721e16eda9aa86366056b005e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
b6d1bc151ac2cc9bf4f4ac1e0008c793

SHA1
2126240dca865422f12f24d303e0d75b04736cf5

SHA256
5b423f12e1cd8ffae3a0cfeb5793ebbda6f0d0b14a8185c4b0979f4500809130

SHA512
04575993dcab63fe6b9ce7bd21f897c7a737bf23a39ee3db5c2f8959cad58a8dde69b8ebf6fcf5a21fe1af15b73bba2b8b14938e0d6d19eded99545446925550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e79f8851234ae000133baa84a99c5f20

SHA1
322a3bb4701c69b1868a84178d4d24080fdf304d

SHA256
aae0eec8b07d9cc7dfd55c2f8c3e83e450048f2bd7ff4af6ee3b906d17748361

SHA512
ab3c1ab70c187c52f6b3a8a89e80c990c13d215fc6971aab06998da4bbf0cfcac69e5467e86cdcc6b88925cf574b974263ce906f9a72bbe846cd3b55d2049a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c88a88894ebb9bd043c19e7e8838f452

SHA1
8e832b766b42910842340bef8d724fea256c7e47

SHA256
369f71fc90541b94a0700258314ad07ef945ba1cff2e162a6071541cdf158ea8

SHA512
cf6d433729ea0d09091ce6b1ab1006bac9307164743a91fe85e32c61b6c5c1482b5aebd14e04a6d10c8d02e4111d13cd568b256583f3584f716dc293938465a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
693e62bab368c90a073353b74e46856c

SHA1
779438e80fbd9d20b0f9f5e58e4bd4fcdcf7d3c9

SHA256
a718f827cfe76c3844a3997bc618076b5f50151253807821646aab69e2445983

SHA512
c5b2d9cafb73f6476b83ca41d5e55a0f5323a78fadba011c526e42bb73acf9983bde2137b6dfdfafc50ee2ac71ad67a944a9707cb6ebab478612eaf4f27af416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d33a6d9fc5bc839d49e578736875a7b7

SHA1
c0a3da20260895becef1cde9afe28c5131c21653

SHA256
e6cd4e55c6b73d68e04caca55bf72a31978781d230171b83c7e23bdf43c6f88b

SHA512
b364a8afbc8a674ae3e96b4bdc8307395b3746399bd65b420e7de35b7cbdf4ef2b465072a1a784ed993deafd15e0bbbfa58e1c2a8e71411bab09c19647ec31ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3fed8b41425a63489164307338ac71fa

SHA1
fa4b4a4b3bbab44f70d28e37d677febbc27a80b1

SHA256
b80aacb7f30f6cf7f7a8675deaff55b478bebdfea379009c60a0c0947ad79e2d

SHA512
4cc503b62d15e80abd7752211b7f006faf728593b49841dd2e24a500061d965ddc6e18c25a649c6c619c12418ca177d7178588c188ee7c55465b0f0d1e57dd70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
610466d53243f35e1dcd9833855568be

SHA1
22bdb6d5cdf9aa48c3ec51ecd966c554cc8adfae

SHA256
344b1ff63fcab1e17d2eb9063e2342efef8c1a9097ac049dd0abf3446effade6

SHA512
a55d2b2c2980533677e1730179511ed09cce91d9f922b61b5910ac87f9a773070da2e7e9f72c450a45245ad90f95289e52dbe643bdf88ebab9189365280ce8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1197aeff34cabe74e62cc0e3e05e25b2

SHA1
aad626fb06599e7c16f94d88c12dc2419b3a8bf2

SHA256
d1b5e5ec296af641513bb2a53a80a19e15145d2d32636c94e494d6d6d1b3ddbf

SHA512
dc17c0d4d58879024cdde3c1b4acb58e671a6a69c632576ca36aa966387be4f0b83ca5a4beb92e28919d12a515c6dfad743154ff449db07cfa9a218c11cd2273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ddfe5a6bc31ac54160f0acd6387fae3a

SHA1
2ada8d5b66bef93706017a7ebc93e46de97045f9

SHA256
3c2117626aad204d4f565dc34314f2d3aa6495057651cc13f0ba0ed4c0c07cba

SHA512
4d63f9fa1b4fdf3e2ae418f59518f7981586e0cd6bf4f288851d51151ba9c80ff0ddb8da245feae2ad4ff242e1eac86ee2a0297c2e2a1e79ed68c72029104b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2638cc834a9e1ea0ff09ef05a93e192b

SHA1
3cb4410ee0af5f8803c822cd50ab72886698853f

SHA256
b73f40735339552fa6bf3fae76eebe39a6adc526afd994665cdc90255c98b008

SHA512
873472cfcc2d58f810b58827213d8c20613038629db1bd83df9d761864cc9fb9ad11d9d3fc98c809c163fa49379bc43e0d7048b41ebacd0fff8357ba08f94358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fce60cb22638e532891f416d77b2b12

SHA1
0eda6739b0d9356468a519ef05e19fc2bcfcbbd4

SHA256
91ebd437cab5622ca3a457c7f29ac788c86b137ed2eada4b0e4d5d7a58e62826

SHA512
f8a48073f2c4e5aa1eded533bab4d8bbf6ebef1365afb73fe20226c98aa137a17219368a60e3c7e1cc94b0a120afaf851d992d1f78062c48fffe156cd063a87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5781d89cad2886fdacee8dcf8da2ec49

SHA1
eb97cc949cf57a7679093ee61ecc2b5428c8e12a

SHA256
8ddbf2a4ec594fabbc952f78e621508899f1482f1680b2243de4f6ab53ea9524

SHA512
720a67c678c0e518b893e4c489895b01f212b40f4e0e93d3847cd60b377477c3316c6b0586340276d710db80604792e3b229bc1c98ef86f502942cf738774320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69ec4570232d94fc740b7e75a54ac547

SHA1
d309691773d31d099ccef39487a0f971482ed74a

SHA256
0b8f155397849664db1fe808ad0642ed738f67b0da8efabc43ef64c207678c59

SHA512
b8090c684b6d401e10a1e8ec7684539ef7a66b858e6d175f65386c06be862194b69cf9485b2633a085f33966a0e1b9f394e717949ecf0a4d3d92c7f13a9fb080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
52c3fbf369bbe3ab5c53884f4423858f

SHA1
95e0647b66f01ce0b8ffbfef005962505e067b2e

SHA256
0fbd5f3ff553184dee52c22ff536a28315a8b0dad13c0b9f9a9ae11b0056791d

SHA512
ac391b1be3b45147b57145184ced9ac5f9ca698210a7cbcbec2939963828e1ced9e4b9213a7a986f48c617073996659892b315565386e1f9d036d8eec68e1be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
be483da71202e446f1eb7e965460d46a

SHA1
5eb84a6ee22faecba5351a1222391cb126f10b95

SHA256
1b7602c4e6054967a83df3702bda2a56951e8c106321482bfe85d4e79b4dd18a

SHA512
f3f31a29efb3dcaeb07dd15ff84f12ac443cb1da97005206a3503f2495b5b746e3b150d6b7e1131d00862d83b43d972402933cd4f7ec1824c17a6444b57a8e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1653a7859a1b8a14dbb5fbf01ff92c34

SHA1
998082d7822d134ce37ca4f98ddcc7c1a52189c8

SHA256
bccdcb14131e76d9508cf688af4e25568b49f7e1ca9749ac0e316fc6301f4ba5

SHA512
3cd536ad29b61782716ac44edb82c985a605ad8823e3d172eaa8e8ba68d3691133f994038bc3b59bb965a67749ee36bc8bd6881f91df9cc599451224098a8ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e3b9.TMP

Filesize
371B

MD5
80855bb6f388133cad6b17cf3bc8ba4b

SHA1
15895cf4299dc8bee017f0fb6e1f5b896adee5ee

SHA256
7bf4db920bbe3741e582b889aee7b4da661991c7c1574484bf429328de659b4e

SHA512
da0ae50387a8b809aec6df455400704bcef6eee0dbf0d80fe574097bad166b04cff8d614c50d9dfeaf909dbe1f935f30a801e63364bb4a3e6758b44916c1043e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a383bc5feab3581f08192abe3d59ffd

SHA1
ab80022852f3b90ed76eb577c5befda819896f7e

SHA256
60d72356184850c14985fe56b8da7786aa0d73cba585ab61f3da6eaa3e0c8edb

SHA512
a09ef793921af195bdd2cadf012302f4c0ba07861368c19f870f167332e523e243096b1933b2f0dd8a7e57eb55dd808f578b4c21689d2015ba123e27d83ae957

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit