hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]VA6C2[:]e4645113-f2di-4ddc-8036-7b33fda91d05

Analysis

max time kernel
166s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:e4645113-f2di-4ddc-8036-7b33fda91d05

Score

10^/10

adobe phishing

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-557049126-2506969350-2798870634-1000\{388DB33D-11AB-4404-9821-C29E00C4E0E7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
548	msedge.exe
548	msedge.exe
2928	identity_helper.exe
2928	identity_helper.exe
2072	msedge.exe
652	msedge.exe
652	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 3468	548	msedge.exe	86
PID 548 wrote to memory of 3468	548	msedge.exe	86
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 760	548	msedge.exe	87
PID 548 wrote to memory of 3632	548	msedge.exe	88
PID 548 wrote to memory of 3632	548	msedge.exe	88
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89
PID 548 wrote to memory of 3708	548	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:e4645113-f2di-4ddc-8036-7b33fda91d05
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa52d946f8,0x7ffa52d94708,0x7ffa52d94718
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1048 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17575155076062843885,5200407408485979513,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5636 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
27f5c61402e719de7419448a51cc5b06

SHA1
7566a59f71f2153fd26d3bb47b802403e2fd6038

SHA256
4809ffa957fb5a28c11f7b90800c67b51f70fd91320aea750c0cfb4fc969a7de

SHA512
5181128c72039cb1caf9b75ad9d777923ef2b94e8a6989e5899f2b32d24e6fb6953aece409b62487e18b22a61141934d35c649dfd9d7dc6f9dd66324d9a2b376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
6a3d9fb5bd418da265c52f5aab9508a9

SHA1
6a6b50ef6ad903c9a8c8015193681d574e475cde

SHA256
63146ec4b9b80e8cdb0b8ca6ad4310f7aaec430539c2511288cc340d34171e89

SHA512
2f91bd2b7b4b492cb86f3be560fd5193d8845e52077ff6e567a1415c066f76f82c27ec235ff1b59ea86d151aea22606dff112485492e3ece4ba815831810046e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
817B

MD5
1312bb3b1628cf96ca300be28bb45f6d

SHA1
de3349f00f548839a8dc07bb913c1342f7260cc0

SHA256
c580c9d903546d097092e5055b3a98389c7dae02524aded17a2150916d70aff7

SHA512
a880ff225c20488623729cf286abc675f6670c749dcfb8d89f0e4db3fe102fd431b27b8237f555c662b5cce12153fd00d4fab776e20f5bd4234394c5055f2636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
899B

MD5
e7b484b6f0d768d9ad20d1fab84bad34

SHA1
bdcc47973ff6d0f4782c3806cf5b2d6cb7cc8628

SHA256
309798eb1590dbee238a72070b4adf626ef297552551446b06f3b148cf316a41

SHA512
28f5d6faddb376ec0f323b443713561b9a7def8581a606b174518be9f27ebc57c39ed84e9d38eaf6c7cacef4f1bd9b8d30ef94d0f9efbd70450191ebf5b5ecb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a895531633c5e3f0d729ee68a2f5ff2

SHA1
c9d59dbd7f8bdde62b83b2fae004a7cd98f98a81

SHA256
96ce5e481e469810ba3534828e261438f1a0fce9837874d24c8c95499076555b

SHA512
754ad58c120f47c9e48dbbc6996aeda85ebd665cf5a350590122d4481b6bc5b6cebfeebb794845d9c656872dd4e7a18abe48fff65a69b92917430feb9b00738b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cafbd6aa1dbbe7acf4f58a5bbba96995

SHA1
1fc0253ed75f1e26d2bfaa068ba874f432ac92e1

SHA256
babff33cf4909d1a9c489aafed03f7ca626181ff04b7c0f0a73f63cf1b49c711

SHA512
598834345b337f519455191f3797d146934f5e95a4105615aa38be5e4766cb0c9d3ecb426ff3985c709449dede7e16f644b68f39408899472cac9c468423fb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b0af9b4d33c4e1aa4c717721e4cf188

SHA1
8033108e21e0c6be737987a9deb066918ca4ad3a

SHA256
ac29aa09c6d89075d5d4e2285d08fb8ce8c5e3b83a614b9c8e874cf2d9b3a8a2

SHA512
0f10a7f0827cc831e70d5efabc876a65c126aad57f32f16d3d7a7838a4c8c2daa0d37a797ee26697f1da52e9cfba6370e7890a848173ce3319ce0a755b48136a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed60a1fdc5c9745d60ace3bc29466a86

SHA1
ba37ce9a4725b2ee6f28817df9f6f05cab37192c

SHA256
dd7d9fdbbfbd96d424b8a17290a3cdd9fa2bf35e6f561692d294bbd2d326c1ac

SHA512
b9efdf84da202aed0b7c83d7663556b564e64857ccd4dab4b653535fb50bdfb7560276ffc7a3c8058fabe5e08daa79ab4dab80bb505e971a22ad6d6fe18269ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa2d4f2c7ab85ec8c62747f326676b10

SHA1
1d6ce97adc15309bd113c8647b0d284e3481147b

SHA256
c7a6d87eb48cf95f619e952e438144a31830f233356f189966cd1dd96ef0f46e

SHA512
c9230ee63983afe90651d54a06840f99658c3141bf753002677fcbadee5ff3b679b10d8328c7c1ac2e6b1251ef168f42c60ad9f909a32131f90e26d37d5f8782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87f4e085b04f3226dbd6b19a453e382a

SHA1
525f53c402ab53fead57b4c449df30fb65f888dc

SHA256
2b185529724163ae32786b2557fa73a08030391bcbe59f53b09745c43b7bf0d2

SHA512
bd5f770569dd6b4f1280fe2b05f95f77e9c23e2baad50174f3e3f811d47a48c601eb1aea210c1813687f14ecf932c7ce0cfbb14928abd21f82e6ea6e1486913f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ce86d5e0cca6a241fb6742b7331e49b9

SHA1
de7d9038241822d8163b301e79347ad53cc6922d

SHA256
371ec0c6623314e3c904da561402ed00a8e0ddc45d10980b8787a12dbaf68a47

SHA512
46d6f3355033fd790726473d0439ebaaea5bee9b57c7dd66d8300e4f9d7e9298731ec962f07129b9b0168e2ec70a17c6af01dc73997372f201509573c1e05567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f53606924cba9f8745c738b6a573d6ca

SHA1
72ee0effc38d14c312f9c84c11120736bdf281b3

SHA256
c395a3ebe8deadcf1dc0ae934a666e0e239e1d0258003473112504b6ddf03b53

SHA512
5ec10a720273de5700c19e22fd6f255fbe9870dc9d09fe32d0c3c3710fd869b0a72b4677ec25349163e09ab04d049e3730ceebcc512544d6b54e3742f18d972b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d0dae117ecdb9c5a3b196528f6e442e1

SHA1
7b7067f763a4955f53024d280173b21421bfe22f

SHA256
de6da2cd1ada632add37dc7adb8566f6eea53f2f96a42229290edaaf7d41bb10

SHA512
731556065400ea8802df215a761254fa93057085676c41dea58dd1ad2ef82f09fd71dd6454e2234745d2cac63b1a8fb9e24ca125361039be03e57a8520f33134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58da3e.TMP

Filesize
1KB

MD5
2163e4360b22c111925304b370bc249d

SHA1
d9116c463284b7a91b94a617c87918a2255cd638

SHA256
2c08724b7172a42a40242a3915062ae6d5eb18f853bb4a2ed7a05969c650b8ea

SHA512
ac4eeb5d406ca4617762ceae61c2b0c870a9b685ead24fbe95137072f5db403e7258fe3ae3b9380f3039aabfa4ab0bf8e4295a82451d8edaafbc82fe53b44989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
315910e5e6929c3c6de1619ace378110

SHA1
96e829f3dcaaff1617c4700f0dd3aa75c2e664b8

SHA256
1c753cb74ddc4b401319215cc83b9195c51d1e4e865ab670db0f16a233d3d49d

SHA512
58e36f8d767c80d794a3138bfbba53e5d70610f7c767440ffc1ad630f3a889e86cd966da4c6db8fcf95b039139b8949e6b5c64c677e1951f00f3c35551986e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8a1a8e26ccf09e6cd166af78f164993e

SHA1
e4cef0b711861840526614e8b769d0ab65c4d31f

SHA256
775e1c5729fe126448a9e1ab914a6656d98b62f0f1a38d860187bc199e003476

SHA512
7a25d4f9b5f09a3306e5687f99fe5519763c67acfbfd096b5e7d193540d8e535d70a72ed588254085011e1a3a66be9a0924638220e13f9dfe860e48a9432021d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit