hxxps://forms[.]office[.]com/r/MjDTyFjRQ4

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2024 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://forms.office.com/r/MjDTyFjRQ4

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
105	href.li
103	href.li
104	href.li

Detected potential entity reuse from brand microsoft.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
4572	msedge.exe
4572	msedge.exe
2780	identity_helper.exe
2780	identity_helper.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 452	4572	msedge.exe	84
PID 4572 wrote to memory of 452	4572	msedge.exe	84
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3108	4572	msedge.exe	85
PID 4572 wrote to memory of 3536	4572	msedge.exe	86
PID 4572 wrote to memory of 3536	4572	msedge.exe	86
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87
PID 4572 wrote to memory of 5072	4572	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://forms.office.com/r/MjDTyFjRQ4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff91ad46f8,0x7fff91ad4708,0x7fff91ad4718
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,4467118886268031711,16852266551323279556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2d533405-a633-43cb-9ad1-bca43293d239.tmp

Filesize
874B

MD5
3dd8f33dcc8e720a0b54ae9122ee3385

SHA1
bbdbce20e60a3fee1a017bb2b12b3a1005ec663b

SHA256
b2afc974f8a5770d4a4637ec996082988ffeaf6b51783c8c36d54f8e9ff85b1c

SHA512
68a348e18320d8649e1df2ff690c7a54e90f5e620177ffb8e536cdf253c5a312f2e5768d3b7166bc21907c264d07560bc7ddafed9322f052059f915d4f22dfc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
36e529bbd57113048d9fc29658d8cb74

SHA1
c2eeda9537a7f0b36d019651b98d1f5eff4cc9fc

SHA256
a7e02c973b31d04ec6428ecb1ee8252b202166bf43b2291f0518eda99928aa6d

SHA512
34c83fc9e3b52afafb60f15062c2681fccc0fd686da21e33abf3d8bbc4bf828fb9d0336912c06fb545c75b94ff957d639085607f17c57fbddbd977cc295f1b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
a1a5a536c6558a550d824e89e80a3358

SHA1
d23c16486fe743abaf7ce2a484173a6549f9cbe4

SHA256
d5959824021ad9a293141c2b820013e0f9f505f24fc8c8cc9ba3fd1c87382533

SHA512
3c4bfe91a00fb21825768271cdf888fb05c3e30afad9398a19c7e42a3af43f7ab4ab9764a8a134fe513f09918a32e1403e4e80074a8091091e8e9c541427e98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
565B

MD5
61122f32d4aea43b2cc51c09413855bb

SHA1
096518132d875ff0bf91e85d76778ceb1b947923

SHA256
d6692d8372cb38cb983f6ebb69501064473da4f41412d5c30783ba42c8021657

SHA512
161ed0c82e9bb7ac81661811094536efbff95335531abe0592f2f91e878e1ee0d7c9329024a5b8b2af0a071f7bf9bd5727d02a2dd179a733a48413c6d9f8ccdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
718a3df3ccdf940168e45ae2bfd3c995

SHA1
799800bbb7a1ee131dba04d432ce866c723da11a

SHA256
64dc2526b466e12705eeb065734471fe0dfec6cdeddcc152d9fcef44162e14fc

SHA512
245f116b4862b9c144d3e7766868087743e487f756b0cc8e6e6db23101296e0e6b9d300b6774bf7354eecefc0134011be9f4c7405d8af6b223f5fc4f82e0c146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7716ce399963f68abc4cd405cca3f866

SHA1
761b4033d71a37035df6ba06782f56bc5748b0de

SHA256
35ed51f0348511172474bf24558c1f3b644d84b2e3ecf8e19cc2abfebfd26f1c

SHA512
9154bc630438371d58188d0fe53fcfe082e8ab2309be667f094fac87badb272a4b42ba8187fe2f9c288f0d0345ad548f9995f0eae0454b6ee7859e2a0ae64af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
489ba3c6f240d3160a1d687f0f4b0df3

SHA1
f9d52b2e2e46377d021194b38f50384fa114b0c1

SHA256
dd4beafb39bfebb5dbbe7573b347b878b9ce0b63117d61f1331354d047025e76

SHA512
d6c6d37685c4d0afb5cf01c873192531187170933759ead8e76ccc0d3b9fe5527be91b3a9bdfe1eb6fc80c0b0c6ce29e799f784291e5ef7a9e56396b1e5492f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\20a5b559-2b43-4b38-b032-7b925d6bc6d2\index-dir\the-real-index

Filesize
72B

MD5
22148e67efb679ab5f2183889c3c192c

SHA1
c21d4b1638d3c8dec56cfdb5dc5ed83c2f5a0c5f

SHA256
5c5ef6c10f32b1c99fa7859c5a33924dde7ff315b671205eb87398938755027f

SHA512
6c51bc4d793e61e496e1d0ad3dd7b2ee43f16d8a8c4aa5fe2ac17d58be12964c8db6fdafd007212aa1139a6d057ebed103b73db65f9a560a5ce0a1b998935a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\20a5b559-2b43-4b38-b032-7b925d6bc6d2\index-dir\the-real-index~RFe57f2eb.TMP

Filesize
48B

MD5
5426f28531dd1098385ef1d929035635

SHA1
0accb95ac1d1fe43842e1180ba956fb96dbc7993

SHA256
40939b9d097c26e99f328d64596c7306aad580cc4ec6d951327c7ec819b67623

SHA512
121cf0d518090ade32d1147c605b35d4131e78df449294f293b6cfc1c657c99757d6db5372f2002703d9128950439c1f030b2bcef44e12146e6ebffb61c91f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
92B

MD5
9098b1811d1eef4d494d5c19f63a32e8

SHA1
d176476e63973344dc3b34978f4bc9c4b6d6dbbd

SHA256
0eb51281438c6db37a0bc8d878686f53581d8ea150424245b9c05079583f7424

SHA512
67e03cb7eb4900e0d7ba358d488028fb3fc25388b773ff7f918182e12517cc979947aa35a9b6c7289ca7d2a4b11467fbab9358e1f4a04845b65743a6cbde5d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
86B

MD5
689a1faf1b0b32d83be8cf5048543580

SHA1
4f51089051c297aeb525b5360482acc6a7a3c188

SHA256
889a21206276e969a06b9826f663305e636db531800404a37e5d1d26ef8a86a1

SHA512
c8b05fc1245db7b31aba6122226ba229c312b547042f546f931ed232cc1964d04f99f3bed6e2a1537fcdd63b1ebc7fa7f7d52fb1c40ce93c3e4f3235a4780484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
954244c53709199069eff8120be23d5c

SHA1
350b0f4d14f55499d885fad4f5e03444847d08d4

SHA256
7d747ec79f49d7dd875939616dffa2116bbb98dc3d8d1999805a0b0aadc20b2e

SHA512
b255744df4989c8e7168249c5241e305e71306ca6879ebe93fa34b6db97a8ffd0d7a7059f8b1a8c8f8ce4d295393f0cf00aa83b6b2594d32627d7c2b8c7bb745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f220.TMP

Filesize
48B

MD5
f70a407190183590a714772e40d96011

SHA1
efc62f8a9032afbd6bb11627f8d286821b9eefc3

SHA256
def53fead9c4fa99d422252d6dedbadc5fe5c6706654cd0a48369b73ba431a2b

SHA512
769e125a03c6826ffc362f60332174aa599a651fef0529b0894beb85bad408e40ec51652195cd0080c1d9e82807370b14bd9a7b767b47ae37301675533ab2820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e4b05d8259fd099822f4e96651b2f65

SHA1
8f330abc54825a4c36c72d00f245041f77679392

SHA256
de7355ade72f202f39a8be66c4d9fbfc9b6799365b310cbdae53703868b55516

SHA512
192956fa43c03183090ec3fbb8009134491117e72b49810e03e0d6c2b5bca7e0be7cd269753309dfc9bff92eb3c5a36f7e623882f6815a74580030e07dc2642b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593c34.TMP

Filesize
538B

MD5
9b1ad93e9c31d951cd03de62869152b3

SHA1
e1f7559515261fafd0a82b33e5eba874da966fe6

SHA256
0a0ea2ecd0683bbaa08396f3099efbe526940777c48b8fbdb832660d343203a1

SHA512
168623e2dd8eba1b35df5e364d87b4d79cc4d1e501e5712fd138d18b61349b6b4f59b7b82f13b2c8c2c707db3db2e862cdf414093225cb53752fe37fa52b2f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f568356738034bf692d40ca81c9df4ec

SHA1
010fe786b9fa33d8e88023e159de8a402debd067

SHA256
ecd3f55c2ecca13b4b920ccfc7d668d0664406ad0cd03e211e028d63a22ade28

SHA512
6b37257468ea050841c2fb759843a6b263f03487f2b69cf9f1735d342d25859264aba187757854d896ae6ba2671577aa9cf9d76df90541708336a12635b84b9d

Download Submit