hxxps://onedrive[.]live[.]com/?id=551BBF22B0F036EB!110&resid=551BBF22B0F036EB!110&ithint=file%2cpdf&redeem=aHR0cHM6Ly8xZHJ2Lm1zL2IvcyFBdXMyOExBaXZ4dFZickxfRmJaZ3FiVm9mejg_ZT0zRGVKSkMzWA&migratedtospo=true&cid=551bbf22b0f036eb Primary Request

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://onedrive.live.com/?id=551BBF22B0F036EB!110&resid=551BBF22B0F036EB!110&ithint=file%2cpdf&redeem=aHR0cHM6Ly8xZHJ2Lm1zL2IvcyFBdXMyOExBaXZ4dFZickxfRmJaZ3FiVm9mejg_ZT0zRGVKSkMzWA&migratedtospo=true&cid=551bbf22b0f036eb Primary Request

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
1176	msedge.exe
1176	msedge.exe
3712	identity_helper.exe
3712	identity_helper.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 2620	1176	msedge.exe	84
PID 1176 wrote to memory of 2620	1176	msedge.exe	84
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 3316	1176	msedge.exe	85
PID 1176 wrote to memory of 4016	1176	msedge.exe	86
PID 1176 wrote to memory of 4016	1176	msedge.exe	86
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87
PID 1176 wrote to memory of 2912	1176	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onedrive.live.com/?id=551BBF22B0F036EB!110&resid=551BBF22B0F036EB!110&ithint=file%2cpdf&redeem=aHR0cHM6Ly8xZHJ2Lm1zL2IvcyFBdXMyOExBaXZ4dFZickxfRmJaZ3FiVm9mejg_ZT0zRGVKSkMzWA&migratedtospo=true&cid=551bbf22b0f036eb Primary Request
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc201b46f8,0x7ffc201b4708,0x7ffc201b4718
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4204 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4904198286541229615,6934269221680813710,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6364 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a02b64e5be57d732a62955cfca9e66cf

SHA1
dfd569b8522969ac88d9485019212c013869634a

SHA256
9309efbdf26926bb325c9bc85bc39e77c0a2f68131d58409e035892a06c267e2

SHA512
1049c59fb5fba857ea33c6bb7456f602d118f9405a288a40ab9e336e6f2d594b5c225472877eb8a2f4d5e23a03f8c498f0f44fbc06b84cbf279d5807d8152330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
884B

MD5
b81e9cbe6cefbd3bedb9a116d4caaec9

SHA1
1eeb4ae99474a851667cd1c8d4e9704f1423f457

SHA256
7b1b18313b97cbd816bff4c862cd33b354fff9d1cfcc92b9d64424089126af71

SHA512
69a1e11e22c86b68632d5f929a89b6335f711716a59fed2acd62550cd7443af9bd130e374384b204da4d7f5e0efe86b72e52a49764d2a9078c489973774bcbfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
7a40fbdb5b07932958e24f205d82b332

SHA1
65ed4809375f2734d6066347202bd21b475706c9

SHA256
126584028c028ba50912bc2b45be5d8c8df207aefcf3e62fd66b4d26f92051ed

SHA512
030c8ee7acc6c56e6a1a4a2c73c2161c47e31f9a442480251c762ecda7ea799d3a320eafbe01ab40b293f7dfcfe1f9ccf50a9d156b3d2822875ce1ef46f13125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
315f5c80826835793ca295057d477506

SHA1
97dccb6e25e6b0f67ec8194b9b2a99903dc840a2

SHA256
a6bcb0cfc4caf0a60cdc73b1b97c56087d3e8670d85a7a3163896877ab851a77

SHA512
3be2a06a39d9289a1d786f25c885e8757987214d18376d19be108c36f040166cccbd4767aa31d01a9cd23ffa23da531074185a8ed26b2396d457281f067ebcc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f3f757e2d1ed8f175360895b371da52

SHA1
f886be5ca1cfe79364274b650b5bad1f5e39e773

SHA256
63d4bae7e72a52433bde556e0988eba37b5611517cffb7fadad4848fce1ab23e

SHA512
8ce3a805f08eb5a029d60c7524d2774a4475e7e90e9e20eb00fd65fcf6bf9f6333c7b0a6eab0a57c503681687fc18c4bf0703ab716a8773098bd65ab2032910b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
675f0882070da64bcc45676dc2dd0cd6

SHA1
8834182fda5a95142e8810005ce94332dd74797a

SHA256
947e6f735e42a0da65c959dbc3d8e42eb907897493e4092158f9820e10efe279

SHA512
7a088f8d1bf55e1c1c2fe5d8c4b4e9274ec8da13a33d8cf4b0cf4cd4a33dcaaf313e08173a93db2f9e0be36a603f8cd77f90fbcf59798c5fe31573184a877687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ca7bc2c40c604e334e2c5527d6d491d

SHA1
898463543f2878191aaf23fbac30f3658f606bfc

SHA256
6bdcc5f2724043c5dea433165e3360007eebe80417336b3e6115c73ec0ebcdc1

SHA512
39ad046548c02ecb784950c90812fcdcb59ca9ea90d3552931fb915da85b1caa99983c49dd28232e6ee57056aafdde9d9c1c4df72d4458b7092c4960b986ebdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e13be91371e63f42bd97de90ac47bd0

SHA1
559f836457078a7ffe625602f8f8a166553ebf96

SHA256
f897025b6b6b48841cb3fae4c447a3e089a60fe57ef402d34b95ffc4fe689048

SHA512
37fce5576a219f611d207c71fa6f7f7a3b262522025d397c58a8fec6b1563788933141c86189d8ad6129d72474d5563da663e17a3348b07c6d82bb3cd9ddffbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5814bc.TMP

Filesize
1KB

MD5
130522cf8e48239135d0554b3a3c9ffa

SHA1
bb4a0adb6153c2b1edab7f83b74a8225d9d289d6

SHA256
a3023f4128f09d79b0391ae5994ccdeb49adf467467c45c06d8812f31daa6edf

SHA512
53f0795834837cb87995c37dae1c1b0caf20b1ba05a6707f545df9ff2450fe8a37e3e090a51ca577bc33f9d2844698f71491f3c81ea0dcb1d816498ac19cbba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8ba140ef42335ba0edc78cfabe5895b8

SHA1
335530c9a8119359881366f1cd7f579a11e3e931

SHA256
db8333a646fce2d96ad103b6600565b83cc0f45d66af2252bf83ee98916ae186

SHA512
fd08f312743c07a1ce5a6b479ad5b8d8447a8b2003333d94fba02dc54393d8a090230008efa19c0afe56082079b3e84ad048042664bb707fe8b81281a5537e05

Download Submit