hxxps://admin[.]microsoft[.]com/AdminPortal/Home?ref=subscriptions

Analysis

max time kernel
38s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2024, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://admin.microsoft.com/AdminPortal/Home?ref=subscriptions

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
1284	msedge.exe
1284	msedge.exe
4056	identity_helper.exe
4056	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 4192	1284	msedge.exe	83
PID 1284 wrote to memory of 4192	1284	msedge.exe	83
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 1400	1284	msedge.exe	84
PID 1284 wrote to memory of 3512	1284	msedge.exe	85
PID 1284 wrote to memory of 3512	1284	msedge.exe	85
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86
PID 1284 wrote to memory of 4600	1284	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://admin.microsoft.com/AdminPortal/Home?ref=subscriptions
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc8adf46f8,0x7ffc8adf4708,0x7ffc8adf4718
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2966449291259033663,154323594972209108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
45KB

MD5
750742b5bf36a17ce19556504179d864

SHA1
2b7faef1f0ac31076883ea54f50b02e4ea777ebf

SHA256
c01600707a5c82bc3b123e04505d57057147edca4dc97b75e8aadc10a0c7c6a2

SHA512
cae0a34d0c44a047d6fec5b2f1ca1f5c722cfb16ca94b12d6c089c361f2d1532b1aff73ce4df67ec56e3da6878a82a0355f73aa6904c303247f41ea79195f5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
32KB

MD5
2e287eb418940084b921590c6e672c9e

SHA1
1fc75a9daa054ef88aaea181f3a9b4cba2b6b6e1

SHA256
6c2c58daae76131a00d1bfee20852f372cf594be7f4a8848acc42f8bf72c1bbd

SHA512
a77f69571b0f04f4a2354d9e18e41ef86f22274eaed20c02215b632bfef09c6543a83591e9db3f2b4036a9684bff666eb6a7b253ba18893500e9cd541ab752a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
110bf4f836f1d622c68b927272614e86

SHA1
d85070d21d4f78398cd9c0e87b6d5c8cd05f738a

SHA256
fe3cc9301fdfb68b0fe3e1f66781afc4d3b579d048fdbc7e895746b19258ecda

SHA512
86a3f7b673feb856c637c647ca1d36ecf214b9a602455503ece95bc73421f78d16c92530039c0940f8a1c55eeb9f3f48de23ecc5b21b499ae46d60014313cd14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
907B

MD5
7acdc31f2273e701f0b51b323985ac51

SHA1
8cb39e6ff9467f7af0bd94fbbf5b58b6ac43052d

SHA256
217b022777095c6beb9b473b0eb678512238098fdf3424be724a26b00e9f1021

SHA512
fc4728250f6c9fa4b5714fc43563afab72d5d62117126bd30176a9e6873f3bc56248cfdac5d5b7fe164a7c7cdf14ac5ef2c811328f49a5c67b6bf3590788d70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
41efbbd7fd2494ebda50b9b9a458b09a

SHA1
5717426eaaadb9c0ae7e1456b9402824fb42a47b

SHA256
90aa3dc793208649457a55c983fd2e11f2f0114e2da42a42185c9b38d336af7e

SHA512
98b29bd5a71b130daf67d1a4c07899afa5e23289dada9048c723b5883c9c6ea4c87601c0e36eec804dc42ca8a952f5d69916efe22834aa04648bc69661f63150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2519509b6703cfd27eb598aa98a1c4b9

SHA1
8101a87da22e1a22d75774d4cb0535184e44e921

SHA256
f0301047d985c27066cbfc3e8da47206780aefa96add601ee1f430d9e54cdf61

SHA512
ec4f61c811b3878e1ce6a29e8ae19a54d21725c07b9907d38ef9dc1e0e03b34a5ba36818074c427c06f3f8038cc17b81796856b7330ad16770281e6dda5ac8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c1607fa157ae9aef33c2229bb9fe417

SHA1
3f86c3f6d36d53265fef4c17de3d0d9a57af1a37

SHA256
379aa7512b1c255b488d310373e83b574d1f990b83c7032f2c1c569dde874a30

SHA512
781a9f1574bb99ed7a47771a266f8783c0e665e6e281e9cc3d3d8408a299a3980093efafdde59195d9eb2428aa8e97a8cd47c25d9f546e3e28f41efe1fffad49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65d1019b0030b2d6628252975fdfa258

SHA1
9018f896aac6ac7baf2df701340e0dd67104dca3

SHA256
f768641173049e307e9e8b675df47bf28671e3c9d93640bf48c3268162919d53

SHA512
88ba618b020aaf301768a51658ae7bccf1fda026287030d3dbdf60163b4c32db80bb06bb97d4bd18ce83075833d5319a3265a7c41ac9d14b8497e98bdf302508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4c07c3360a202765dec6b28db5935b2

SHA1
7fe239a4096e458cf5fe455c38ededcaf6ee1695

SHA256
1ce9c8e9f1bb34c753e3d5ec3427ad74d649d4f1e2b7a82767cea964f0a011f9

SHA512
b527a8ce87dd2f57413acd150e96719ae3767ad54bb51624da5ade00e51d896f628e092f0377b9f3d9e754f294c38dca46df6e4ee1c4845d604cc81fb42fdb9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b25b4bc0761e5c6837dd924cce0f5084

SHA1
dddf2c4d7c509843a9c75189c89d829b53644634

SHA256
db3aaf12c2595b5bb58c11a51487f57247ae589bd28784220baa1a5356457414

SHA512
cd49229b24656c4b6298df01043f96b327da44fb334fd0d1f4436b1549c43babf28fbed929b2526fab913b978730ddaac6eb45f5597ecef658f27d94668eb258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58291e.TMP

Filesize
705B

MD5
b5aeb7b208c7d199b6012cc65894d477

SHA1
a9084b98c61ee3f351e8d8c7919ad8ca9b3da899

SHA256
8198d8929201dcc227dc5f2adffcbb0ce27a3cb8fffea248191f23038a611dbb

SHA512
2308686949aa1790d7217f31feca9ce3eda12c8763305b28df9c0660a051323e8a8d277639135ae26ad69bc37586804b2307a24d297a3cba5420c359d8f35ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0194fa5388f4671c6d94e69b036eb00a

SHA1
ec75098f4b904d60278014574c8590f67e6b3289

SHA256
92c83a42caac4e933e6f3dcdb48d1cc7c1ba43520b55ff8176f5bcfbfa80af43

SHA512
33ffceee78ab731dea96e6211dfa6875581d3db296ab9a791652f38f2f86a490b8c155eea34d1e1fbccb0d5fd8fffb01ac701ec9b5b0fa3afe67e5917878485a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4f859990d859c564f914acfa86d702e

SHA1
8706c42cb9f5c05720afe4d0f10e2852c551aaff

SHA256
f1d61773e8cee2cf9465b5ce3688c5fa90a107d90299569495f9414cd0022432

SHA512
3e056e148f30d98f19606cde1c08c2cbbb3aa50a31f5cf72593396e800629f2b56a4ef0ce5428bed61e860b67f03e78c003149508fb8a80bf55e72763bb7b262

Download Submit