hxxps://onedrive[.]live[.]com/edit?id=F23874003831D136!125&resid=F23874003831D136!125&ithint=file%2Cdocx&authkey=!AJwHmS4Q6zX0yQY&wdo=2&cid=f23874003831d136

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://onedrive.live.com/edit?id=F23874003831D136!125&resid=F23874003831D136!125&ithint=file%2Cdocx&authkey=!AJwHmS4Q6zX0yQY&wdo=2&cid=f23874003831d136

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 3 IoCs

phishing motw

Processes:

flow	ioc
339	https://login.bitvavo.com/u/login?state=hKFo2SBJRDNpM3o4RjY0R1Z4N2pBa0syVnRwSVJySjlwa0dCVaFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZnRVhKdDZEbUQ3S3VkUmRfcUFsSnpEV1lKNjYtcEF0o2NpZNkgY2ZMMm1vNEtWdGQ0eGhZVVdxdHRXRWJPeTRFaFpCT1I&ui_locales=nl
188	https://login.bitvavo.com/u/login?state=hKFo2SBJRDNpM3o4RjY0R1Z4N2pBa0syVnRwSVJySjlwa0dCVaFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZnRVhKdDZEbUQ3S3VkUmRfcUFsSnpEV1lKNjYtcEF0o2NpZNkgY2ZMMm1vNEtWdGQ0eGhZVVdxdHRXRWJPeTRFaFpCT1I&ui_locales=nl
188	https://tr.snapchat.com/cm/i?pid=2273d5bf-f95f-4569-bd1c-5b4a56dc43fe&u_scsid=ac596717-e2da-4db6-893b-0ce467ed5511&u_sclid=9408715b-43b9-480c-a5c9-ca9777ecf861

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4364	msedge.exe
4364	msedge.exe
4644	msedge.exe
4644	msedge.exe
2292	identity_helper.exe
2292	identity_helper.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4644 wrote to memory of 5072	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 5072	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4756	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4364	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 4364	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe
PID 4644 wrote to memory of 3504	4644	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onedrive.live.com/edit?id=F23874003831D136!125&resid=F23874003831D136!125&ithint=file%2Cdocx&authkey=!AJwHmS4Q6zX0yQY&wdo=2&cid=f23874003831d136
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa35f46f8,0x7fffa35f4708,0x7fffa35f4718
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
2⤵
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
2⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
2⤵
PID:5328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
2⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
2⤵
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
2⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
2⤵
PID:920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1449273184909525238,11544938309283236489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
2⤵
PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1044

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6361e343-ee23-4ba0-9437-8782833e05c1.tmp
Filesize
11KB

MD5
bc2d1785de3a319adb0ec6bcb8e17b12

SHA1
a0bc6941dda1625e4b5c752a7f9c8c1ca48433c3

SHA256
b9fa5118644227ec8aada631d4539f793f971111cb7a39bb11a29dc5ff79bdf3

SHA512
d4af6c80ce887fe3c4491cf49d530be945552028c02489f3f4d57ec68f04568121d81bfde80ed2c465b5fbdbe19d7ba88cb1bef27ec9b6e44d996ea1081494da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
099c06f43088caaaacfd6e00189bbbfd

SHA1
86ba42bf60a090038c140c93b5acf219a5f0c3e2

SHA256
f0ed2ff52199d7f0b263e2d060be2223de933d494eccee98d3418715083568df

SHA512
bfafcf806671c1e66ba6e5deaadb01d6b90c971889ca30e2d27796c47c6f92364c382a1c46f4946a607c482e43c93be6b31f57a9826e4c8c93d6d035ded2be27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
2c48543f4f112c2b8798605caaef2fb2

SHA1
3a9120ffd545bbd71e434f0c79d6b9a2e73c4500

SHA256
8055d484e8ccfe05533952981129382ab2638437507f0203c53a65e54a313ac2

SHA512
af80b55444a234b520b52263ea1119d54b291b105d3f416e76014af2ec0d633f4d3a57b57832bc37014c4ca3dd52f753a2a1c65a8fb499dff8e16ef39e5a9b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5872ecc588737541b4194697461e124d

SHA1
c5c5733ab0e528fab51f596a372e4988b0f5d1f6

SHA256
db0bd88bb586d31f7edaa444a50b34772305927e174eab46dc57e7ef1146cb78

SHA512
998b029121f0b0e105ea3cdfceb19ee59eaaa53d24f518c2be1d66839f0d151222341b785ed7b12459570c7a0f08fc9c38fc09dda81cc5ddc9aa4516df74dc0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
733b65c3e4d860f348717032c25e2e0d

SHA1
121ced19789326b47c0c27866ec7ced5bbf332b6

SHA256
0387104c851ab35607e6b7cd2553d0f8957cedfd679683f8afc3485900fe7d50

SHA512
1a6318b3dc8e48475ed638c4c86539f0717861208fca00b0153af6cc1d884f754fc51ad28d6a90c245c5e9ed4d23c5e7f363216544ce8e869e0501b88da70a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3a7653c0dc951f0ae31f153837e7783b

SHA1
18500a382b8c280bc45b90878596fcbe53c85e89

SHA256
8a3e6e027b45155cfb828784b0bacce92ccda0c59766ddcaeca1278f1cad6c75

SHA512
9eef50bda9f0e6a3b8f17c18affef6b377975ea835d19430ff91464b6cb21afde535b3b9e0e834f31ecee96c973facd09779b97f87a9ec54728c59004eab51fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7b4effb113575f923a5e631d4c6a0253

SHA1
23f277d37238ef7398c172c4c02485112c6146e1

SHA256
281f2ab8104654932fa0fc991c58b083489a2a104bb1d5143c53eb385e25bb45

SHA512
a851e4ef07510c1e5c81fc7b9e09182a9440a113c671b5366a27e8802399a163ce6473d77b2d800c9e3f8511dff0a3816f382a7a8ef5ed9fd8d44a1b2ea7d3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
184b26d8e912884b2106682d13221bb1

SHA1
f19dfc9c53dd34cc782d2a708c2ff8b58130ba8b

SHA256
924d25072ee0f8e3c9e7a5b5e7fc71af00b24920c2aa0d1b2a570ae58289af5c

SHA512
6960b931926bf30d9d51e66f2720eb08c9ac0777eecf976e48e4a1f47cb9aacaf725ab084ca3495f0193507307f9147e11e8caa416a90932176489d153b6d07b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3f92dbc683e74a242063207af7c286cce003121b\index.txt
Filesize
100B

MD5
81eaf748975102ca8ad4d2d8c44bff43

SHA1
f25814cfb8145fadebb6675471aeae8e012393fe

SHA256
faa4cd021bdf702d3a3edab47bbc9ca5d6ee855b51497a71cc254d97a4ab8f93

SHA512
8d3942d7500461928c05b83263ee39102a14365fd6d8760dc432ffe6dc3ce4ea7df9b872c08d905549ea39d45198ffdea62955b003deffb15f628cfbef10d233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3f92dbc683e74a242063207af7c286cce003121b\index.txt~RFe57951c.TMP
Filesize
107B

MD5
5c30f4ce95446ec39c2fec0be8415e69

SHA1
ab2c8e320bfe38856e059390a6f20be47474ab01

SHA256
7f8e0fdc7e1e424a2370b5d86fafae76185d24fe03abfaeb95c61c984678f0c4

SHA512
3ad6451f070b7c1334768c0ea814baec0cd22a85487742321cb1135b2321ec22d6068b847443bb2f8fd96b92fcf9d73b55cd071af8fc31f3efa2c898f894382f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
390d58fb19946c5105abcd3db9ea84ef

SHA1
629c5b11120bc07d99330ce3c9170da8e0970893

SHA256
e442083fa581ba81f208806603827658d58de3aa2b71f959d1bdd8306f640a77

SHA512
184782642c1e097ac9e0c23658ec94041bdfa88e4781594d7705ef435c79e4ea8f41a18e08a5f39d432128c60513641e02b967af1dc859db85beb487de17d52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
53d4ef03b96bc7efdbc8b53f3ced77f4

SHA1
3f724410d563a8f1d10e165fb08f5a7e56ed638f

SHA256
5d401c0e2b0541c749abbbfab274faaa11b074a0b64ad012b6eae7382598c897

SHA512
88c15f9f4980f2c0ef56ea54554051e6a3faabe036bd8467c69d28f7d20a8c9b7aa12335f3f594941506e41b5ad2e677e403f13e7ad5e721a0adcaebb1c79e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
cb2c9e31bde640075404023b4a9010b4

SHA1
fdcaadb257217c59a81e4c074f2733404d901f2f

SHA256
c646649ce1d2f3ec3fbf22d0c2f4368475a12fcb992a3fe08199a4c5eb45b28f

SHA512
e488df79e0a642b4b1477af721f17853f8e007cfb8cce89ff02c3dd97ce9a6a84fc867f1f2cba2da3b9f4a6cee40e6db1e48cc6777b6825023c2c7f688b2e9d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
3759f94e09b0a3e33b6e92b4c683c5e5

SHA1
61a71a85862b0c5fd663fb01a134ad0f15a57bd7

SHA256
c72f8d179fd63364ad06f7f64d1a5f5220efa2bd6a4aacb25cf34132dbc6cd4a

SHA512
9c250242d002abafa635251ac5335a9bb01be6fc2f430059feb329c48f3a9f3debee913c7f7d311703e81abe6ee2eeb52709db1524a21929ff7a692922062bb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d9c6.TMP
Filesize
2KB

MD5
148fc1101fb541d9ee74c945c6f5207f

SHA1
426121e23c1a5c069f15d8c1a6dbb8554a2eb611

SHA256
9c672f574716a4f88653166d8fcbba685b300691c02c39d4680107610094c58c

SHA512
ab0130c46b4a19e120a9e60257b97cb2ad2f783c9df1161e0e405c12bd5218247ccead0b2e6934112cd5831eadda62116308540b1f87c0e6338c3469001274f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
\??\pipe\LOCAL\crashpad_4644_ZTMDZBSMOVXOLPTR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit