hxxps://omillionaire[.]com/personal-detail?__sta=UYFFJFFI%7CYBH&__stm_medium=email&__stm_source=smartech

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://omillionaire.com/personal-detail?__sta=UYFFJFFI%7CYBH&__stm_medium=email&__stm_source=smartech

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: Robotowght@400
phishing
A potential corporate email address has been identified in the URL: Tajawalwght@500
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
4000	msedge.exe
4000	msedge.exe
3460	identity_helper.exe
3460	identity_helper.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 4712	4000	msedge.exe	83
PID 4000 wrote to memory of 4712	4000	msedge.exe	83
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 4384	4000	msedge.exe	84
PID 4000 wrote to memory of 372	4000	msedge.exe	85
PID 4000 wrote to memory of 372	4000	msedge.exe	85
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86
PID 4000 wrote to memory of 3476	4000	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://omillionaire.com/personal-detail?__sta=UYFFJFFI%7CYBH&__stm_medium=email&__stm_source=smartech
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6740366197179254590,16364697181104893348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\672022ba-b62b-4465-87d3-2559c133f01c.tmp

Filesize
1KB

MD5
64a4f18c1fcebb7069526fab0a637f55

SHA1
9608bd956a626a887f49cd68ae6d728385ec6ed1

SHA256
3232f1e9a8a0f861edd3306e2cd24c59da84605cdb4f080fbed97551c5a9b503

SHA512
a950681e957f543a4debf042e6d4563b392ea83db125c9dbec600c1abcc5099ade56fdeb90ae82f4f913feaab7095055abd3b7735ab7c966f1402a6eca2f348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2cdabfc7cb837966d40c51c176ab754e

SHA1
0a83e9c1fab291db05b73c3fa6ad166130fa8052

SHA256
8e0182cd0c0800cd227b9bf866834bdf661e6634b0b5d1103fccba7d7f5e1108

SHA512
c20e59e2e3432421c8323a6dd0d03888e9ab0424177be727667ac88b34660cc4c2019b7708de4a5bae016940f79de4ea0eab404bc948488e20fc3e5c16a1b98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_omillionaire.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
b4bf1420ac2fb6db8645815bebdfa06e

SHA1
a6842d829c5212bdf8adc4cf0eb445a6d352dc77

SHA256
06727cde8d460a9cd414d65381df425d5d2d8ec6e7775279d6ec3aef2b60c9b7

SHA512
6091c007b1235b6233e593c3aa3edac41a00c2f0f7aa3e06c64e11eadc556188b2f894cd8232204c48a95203a28434db2fe31e69c9493b3d6ea3d163af3cc430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b823bcc165617c093c7de5ac21287088

SHA1
84b9b343813252244a78d8356f6936771d6e2904

SHA256
51c7213b1b32fbf280b0065fd8341d61b5ce6a640aaa442cbff67007fa3768ae

SHA512
3460895584d09e46eb33fb28a8554f8d25aa6f32df430c27ea1b8a5a101560ac11b03c80bb3b3b9461dcde0af55079a0bff736f819552db578111f037dcae7f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b1514b6e178e181064089563008ab5da

SHA1
24f35025ed8fa939267b3be013d3ae559c1fdd0b

SHA256
9a11fdefcac2976e03a4e675833d03bc8c98003fba732da1fc77405367f3c774

SHA512
fcb2de54df8d963d9fa27bde01867fee2bee9f3efddca8dabe4e2c757d04ab8e309fb84996a96e4956e4b33a1cb8a08455e8bf78b279328d406df10f5e6a18ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0ceb2fa3e5f3673e122104d6013744a0

SHA1
ef023357a195593506891485406567b23f8460ff

SHA256
65eec12c1fab7e1d95b9c0389a4b16e0590567be57d01bf3da01c45b78f51102

SHA512
d3e845c218f766f46ce5d92b9ab96d432977703ee20ed9986614117dbb7a17b46d6eada0670fa2e8f9cb6f1c78510e79e92fc39d5fcbd8f2934d16f4d93c2e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dcd3.TMP

Filesize
48B

MD5
58d4c7a0c8f2ae0d8428db42d064a141

SHA1
826a3885d3e9b2025922ae86a294a88f9236ab3a

SHA256
1dd433491b7dc3d75caf7964d250eb63beaa019e4fa8cc0a848d9857b9febfc2

SHA512
36b748c9160071d1175566060d815d1b7e1f7558d7df1383a2521810328ae053c5e1a9195c582edca1de327ae8a3e8022e7eea9c21c108e7ac80f3cd17ac3d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7630f5f76665b993f03ed7531c8de81

SHA1
7374d3cecb5bc7dd917671f83cc4eafbf0bb64da

SHA256
59da80b631e24dd4337c34049c8157820af60b6a9fbebee35b3c23e98e1f4b71

SHA512
f41a1bab173735b08e7e058577b4eac75ad3790770e4d82ae505046150b3b9e338c9d7600b6d1591d86a3e9bfa57d329d4c4d0a431ec82f19dd242b2cf1069d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c999.TMP

Filesize
1KB

MD5
3d06c27fb161955d3863ca31ab72a994

SHA1
3dd85c6fc38859604c7b0fe6b9d777cea1ddf1dd

SHA256
43232f06c31572b9944184f06e8e544de38c2a61b00110e8f59c74f254b0586a

SHA512
8bbb7d110f05e6b016836858f24860a6e21315bb824431698008d4ed79671f8c59844b74d98d0e03b9e2e18c008678dbad4b7064ca48ffd9db244e4aab018cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fa99527d6d66aed7371a098ad6766d91

SHA1
04d845ae4e2d6753c7e742c2edbe5951d2976fa7

SHA256
c57e29376b4cb8465051f852c8269dbac3715a7ab7886efeaec4b1e9ab531242

SHA512
51e5583d04a04d7d1647c1fa368eef972a1fe43db45d22da62882eeb034bebfbd4d9469127b5c713edb7841773e26827ff24e31520446df96b73cc14a026fe52

Download Submit