hxxps://go[.]microsoft[.]com/fwlink/?linkid=2122745

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.microsoft.com/fwlink/?linkid=2122745

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
2344	msedge.exe
2344	msedge.exe
4528	identity_helper.exe
4528	identity_helper.exe
6852	msedge.exe
6852	msedge.exe
6852	msedge.exe
6852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2640	2344	msedge.exe	83
PID 2344 wrote to memory of 2640	2344	msedge.exe	83
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 3068	2344	msedge.exe	84
PID 2344 wrote to memory of 8	2344	msedge.exe	85
PID 2344 wrote to memory of 8	2344	msedge.exe	85
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86
PID 2344 wrote to memory of 4908	2344	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://go.microsoft.com/fwlink/?linkid=2122745
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc2d446f8,0x7ffcc2d44708,0x7ffcc2d44718
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15156336150727670731,12813236855640485208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
79KB

MD5
e51f388b62281af5b4a9193cce419941

SHA1
364f3d737462b7fd063107fe2c580fdb9781a45a

SHA256
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

SHA512
1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
263a6f43a2afb2a608589e4810ae64ce

SHA1
bb22238cd8dc7beaef3c79bbf9c61f7bb34e49d6

SHA256
63c9751f3b1a77f9a91db86df8a192766e499dac7c48f546d6491e98b5eb4f29

SHA512
b6a137f41293fe5ce9e8e667fa3173db1a058c587cb9c92c4221c908fe18d5680de9bf588d44ec538fe03b989105eb9f444ebb41343ceb4c739f9f20ca0025e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
169054d3b62ff30a7503861569f47d41

SHA1
44408aa0ed9827a22d61448af337c52a0280aa3f

SHA256
af60044cf4e54a812853b4a7ae5ea9b98dd939d5ee8cbb0c732c6f50739d55eb

SHA512
d63efe95653cf52ae2a69737a94d2ce0a7ec5d1d588ae52e2bf178433572e6a313dba12c3ec5d75aeb4476dde05ba0cef30eef05bef7c021dccb2f00c7342f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4989e57d04d71f908dd69d985742de6b

SHA1
dee6615e7e80f42f5bd31fcc4b064473323d416b

SHA256
0a45a8f032d91cc75a500f0aedd212464421e38f410e260fcd75c7676e537c61

SHA512
b9d14861f237a5d6472527c52384d6e791d5358a12d8b89a7d4418320f59b674a30261fa41c8bdb551321d07274511bb9ffd7bb01ef75517be68585f9f412f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b413f36b7d82348ffc4f24b670d03472

SHA1
6d80e91a9baea5b07cdce3ce68da215502972d16

SHA256
88bc174011e6d56512be8da1c9594401b133d2ed83075b2162e6c84ebee03f6a

SHA512
65557b0ac78b802f4b65236894270e9d4f7181b8a251855a53fcfd8359a8e9474bad51e6dbe44dffbe7b791237476578586f94b854b673e9411f46e477214c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
74ecb9601ede3877fafad463d555a23d

SHA1
8341172fed64b31518786801f4ca88b2b5b37de8

SHA256
53230b48822f5beb81e53e51d983354b35ba1c1dfd39ea0b6c6a818d09c21d74

SHA512
517012b0670cf0438041bd310974b1e963cf9def33d7a341fa9f8f7a4a066d0f4ec6c17834d381732e021803c8c9cdeb3a3487260dd0c0f6209fb010fddb03e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
23cb1bf86c8fcf4e033e0083c659d4ff

SHA1
1dfb343e515fa26aa1b2b866536eaff8c50f5ba1

SHA256
4bd8cf86a9c26e62dd88972f7639437944aa107aafa91d52266d3585dc57219c

SHA512
e52605e1edad94a21d8891cdd1d1f676c53d48dc3b4754769607f473b81c3ff668ed81be0bbcb299bdb1c34f4b4019e225ee9f312bfd0376181031895798362d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0aba6020c9f0073be9dac2396f6782c9

SHA1
bc6004e04f78fa4ba5b01814b9e20b2e56a9308d

SHA256
40e61a885133f5b2c78bba1ee40aec69deb6a4e5abadd6bf694cf6b5c7ced854

SHA512
da76b1be862d2d69e3417fc16c1ea0ab118f47b8c5752f90b111c78c09888db29ca161f96a6b301112e7ebd487bf11248f684adf711f712bc1223a8da53bdf16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\91eb6687f54a047b7a5be2dbd14ef61c70f19ea5\0e254f58-92b8-4c5b-9846-3c5044384c16\index-dir\the-real-index

Filesize
12KB

MD5
d25bd78aed1c6f352934fa2b9ff73f92

SHA1
0aee50086baf983202d464f0faad275aa2bd4efe

SHA256
e58f15cdb71ebceafb74613eb6fcc6bf30f453001929a439e73f6ccb4f547d53

SHA512
9975c3cede3df1e4494ddc25108148ace3f65abd0c9aa53b2a04072557b1fc35345943a7a41501a6bf06cc54ae339a3d432b1a5331983a8fcae2b38b7746c570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\91eb6687f54a047b7a5be2dbd14ef61c70f19ea5\0e254f58-92b8-4c5b-9846-3c5044384c16\index-dir\the-real-index~RFe58d9b1.TMP

Filesize
48B

MD5
65cf7ad02a656d560c67d018498e66cf

SHA1
58ed29e0737d893da5b2913c8ce9cff0e43ed617

SHA256
43c4ad1bc05784cb2a29426dbeb0f3e4b367de53912e804ed43516d95ed3255a

SHA512
5b40fd24e15a8921ca7fecb89d896c35136fc287537f239709875000b1ec846982d1c84b03e8592f06645005f90fa448680170667cd04ed95525b28a9b7eb95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\91eb6687f54a047b7a5be2dbd14ef61c70f19ea5\index.txt

Filesize
135B

MD5
12bcc4064a3dd006a21179154421aa95

SHA1
0afdad2d0528655fa13e2d25f1fb7503c863cf76

SHA256
b70cd16f1ac253907fb3fa88ea7ca9cc61da1c7366ecbebfbdb6e9ef05e42937

SHA512
6c1a94c0e3ed93d0c7f26c00da6b6737c173c9253f8d1675685509980a0de0c9965ce4e5b9a69e9b1db24289b585790b1d74fca488bb84e183f024b93dd7c512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\91eb6687f54a047b7a5be2dbd14ef61c70f19ea5\index.txt

Filesize
131B

MD5
fb1bad40cb30ac2b82396247c12c7e3a

SHA1
b97b1c1f11fd823baeedd195c70c9524fb15f76b

SHA256
8995f7690bb616da15d524a16b547d90b95e7b9092ff6072e61264c2a643d6be

SHA512
ac3486c5d389b7eb8f6ade463b6591e93d4f162c700b7f83960c2a34112484be9ece7d4b3bec4a590aa2a9921125ef8613b7db81073f8bf8db176817739dc7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
65d8433c520ec8ecfe44e23867979869

SHA1
5e74720daa3c8d24ec99e1d1a2d2393d621156fa

SHA256
b8a22c4bebb5146588501675aa5a3d73305d14aa5f54acc3f82d4c9fd72b69e8

SHA512
91f4d53328a6b24efe0c6ebab1a24369a0560d88de98eac89a23f6c39d4822977c8db42d030cb4b75ddeeaa3aa5372ea4f51da53e13b6d6844c49eb14851fe2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587f5c.TMP

Filesize
48B

MD5
ce29c51ed14631fd44f9f36e51aa6ab4

SHA1
aedcc1559b2994110fc0c72c79ec99df04fe1f5b

SHA256
8639d67bc4006f8b3a7c68b161879f478a6c5be0b9b2c4b0d3a2ab05b15a88d6

SHA512
3356e95f6239467e23c63b400e82bf5ab8793f5343f2b49c2309088f305cea5d468b94d43a50371f884a039442f85bac76d46d83dcbf434612814b687a6cffdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8409bca068e22bd0ae50910e463602bd

SHA1
23bb3aca85f9c51b628b2e0b79173f2ffdb74f67

SHA256
d66da918bc289b4ad0e304323b6d6475b04756d430c1a5c22afbf48af6ded3b4

SHA512
f2817a83d2b6c2d9662428017b5fedd0ea7f814032724a2b75cdb6d949e034e61ff050da9f4db3384f0ab9b8d0caf1aad5bcb6cd7bf88080cc06ee6c59a8cfbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b6de391368901fe37e0398c721ea2c7

SHA1
b0ecb8a5ec46daf387f343228bd41bb1e17855d5

SHA256
6f0496db64e6a4ff816f6e28ea5abf7a928337959b07dab2fc76c3bb67b0f7e5

SHA512
a1b05ffe4621c76905b43509e8a99ae4fe4a50ba9febb6080388452534a64af4b6fa1d4d95799a7030a010139fcc8015726fd53ddc6ddb1a23d39d45a0eed646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d543894f89ddabed9cc23a13a672b69

SHA1
9c4b9f70b836e0684ceef9763761cb47821fe41c

SHA256
556631ca861dad1c03f3288e2021c3401a0f37e94c8180873633dbc4ea581c5e

SHA512
9dfb91bb0832e8913b43030e29db65e7f7eda62c79a81f35a29d1b08400a66d1752226fdba8838fe3533e6f18aa908b938ff2a71b372cdad60736d1f5aeaf63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5840bd.TMP

Filesize
536B

MD5
9f23d98c01609cbef6d92279303f0b3a

SHA1
dc85bb016ed88ec18a9b38332057e60b94b7b78b

SHA256
38914a057c0f50a5e9dfac18af6108fa50479a2929b990072abf9c0668f249d2

SHA512
cd22fe97f9c3aca32545f160961f5e554fca8cb4cccd8379569ed1b99d74516cc53ab1cb9ef689cbf1b9a7eef4bcebd33e2fa743831ea060683914a1dd1c32ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6a62aea38b9c69d42561d4eccfc4b9fd

SHA1
4467c4ce6dfc8b133c17660805165b9a8b9e3a09

SHA256
8277d7fcfb71f49b2c800b756f3e5a8fb62febb4170c9a97915b0f5e3a8babc3

SHA512
c86231a497fb026ccc258dc5aab5192ef1db8d846133e797847a812922a28b5f90b255f15e74de8b1b30fc526ed6938abc22c445d9b8201d72f43efb37b06041

Download Submit