hxxps://secure-web[.]cisco[.]com/1YnI6qkhd5GXSkZfZd7WDhVASwUGo4NlSsxzSYIqcF41o8n61pr6FC4SYTa0lDJkhz8jkuMmtnOICFw6udyMC2x8SXpodMh7WcWGCq3xoYUdroAj-Sot9mIF2aNqiGIBJa7MZ_iUpumSn362yJxHxN5g3J3yUWXGjbPsmte9DfNWaLzmrqJVG62mnz_LQ1ThzWP1vDBLWCetR9rH46MElZ7lSp7k4c_V3nR1w45ii_rIEm3GHE3FVW5XAS-XBCtMPAELxfRkuwWtu0QPMqk1RsJLeZrX4IdQYHZLkTCa3Ac_jFJnM8PPskjgYBWJzph3jt1GFEwhv6ItP7MlH_D6eeA/https%3A%2F%2Fapp[.]box[.]com%2Fs%2F25nmxk3r6x8jjf97l5nt9o7by0khdb7l

Resubmissions

20-11-2024 18:03

241120-wneyksvpcl 7

20-11-2024 17:42

241120-v99jmszqbz 7

20-11-2024 17:38

241120-v77l9svlhl 7

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure-web.cisco.com/1YnI6qkhd5GXSkZfZd7WDhVASwUGo4NlSsxzSYIqcF41o8n61pr6FC4SYTa0lDJkhz8jkuMmtnOICFw6udyMC2x8SXpodMh7WcWGCq3xoYUdroAj-Sot9mIF2aNqiGIBJa7MZ_iUpumSn362yJxHxN5g3J3yUWXGjbPsmte9DfNWaLzmrqJVG62mnz_LQ1ThzWP1vDBLWCetR9rH46MElZ7lSp7k4c_V3nR1w45ii_rIEm3GHE3FVW5XAS-XBCtMPAELxfRkuwWtu0QPMqk1RsJLeZrX4IdQYHZLkTCa3Ac_jFJnM8PPskjgYBWJzph3jt1GFEwhv6ItP7MlH_D6eeA/https%3A%2F%2Fapp.box.com%2Fs%2F25nmxk3r6x8jjf97l5nt9o7by0khdb7l

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: image_loading@2x_fd2a63790bc01d48.min.gif
phishing

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
63	api.ipify.org
64	api.ipify.org

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	Process
3612	msedge.exe
3612	msedge.exe
1860	msedge.exe
1860	msedge.exe
4448	identity_helper.exe
4448	identity_helper.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid	Process
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	Process
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	Process
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 1860 wrote to memory of 2348	1860	msedge.exe	82
PID 1860 wrote to memory of 2348	1860	msedge.exe	82
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 720	1860	msedge.exe	83
PID 1860 wrote to memory of 3612	1860	msedge.exe	84
PID 1860 wrote to memory of 3612	1860	msedge.exe	84
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85
PID 1860 wrote to memory of 2728	1860	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://secure-web.cisco.com/1YnI6qkhd5GXSkZfZd7WDhVASwUGo4NlSsxzSYIqcF41o8n61pr6FC4SYTa0lDJkhz8jkuMmtnOICFw6udyMC2x8SXpodMh7WcWGCq3xoYUdroAj-Sot9mIF2aNqiGIBJa7MZ_iUpumSn362yJxHxN5g3J3yUWXGjbPsmte9DfNWaLzmrqJVG62mnz_LQ1ThzWP1vDBLWCetR9rH46MElZ7lSp7k4c_V3nR1w45ii_rIEm3GHE3FVW5XAS-XBCtMPAELxfRkuwWtu0QPMqk1RsJLeZrX4IdQYHZLkTCa3Ac_jFJnM8PPskjgYBWJzph3jt1GFEwhv6ItP7MlH_D6eeA/https%3A%2F%2Fapp.box.com%2Fs%2F25nmxk3r6x8jjf97l5nt9o7by0khdb7l
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdce0346f8,0x7ffdce034708,0x7ffdce034718
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14091984207025504001,5936062058719655688,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
6e8ae912ff87f00f33192fa4dc1cb1d1

SHA1
3b2e874399886d196beaff70541361a5e02fd8eb

SHA256
49fc849190a6dda85ca63c1ca2e918389f6b4b4081c91732f62e4f41885dbbc8

SHA512
0bb78641b105c30ca525e2e7806b5f34dd6228a9ae7ca20b5a3baebee8caa6dbb890cf2a343af097e906e512a09c2d64ee0ae36c2db05ae706e33611c77747b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ab652c5ed865d0ca84e122b2c800a3bb

SHA1
ce65e81fa4d6bc326b540bdcb14b93e27bd8e9f3

SHA256
df19394c27ab5f839500af010918b10799c0e329017e2a0cd443c88adef394e6

SHA512
1e9b505ce4fabcc84d2ab33ae8ba35236abe9dc6aa2459aff6ccba0a6779d30de96fedf81e44cd76af213a53e6f328d888aac32ef174a9da83523de644b8fc28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ffec39178679efe648119144e1338a4f

SHA1
a220c95adc030b8efac526673355102d98c4095b

SHA256
6e59e3e008c1eef3619c6f5180430a14ecf4fa10ca22b0238d6f8700c38f0c61

SHA512
3d5d8442c126c2cbfc60659a76a6bc1c9ee97ac0a7d2510ee74521e6eb214e4e3ac94e5de57e65b60fe3b0437c52745d606e078fc3c042804925548bca2585be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2002743f405a31c4b46d2c6305f78d78

SHA1
939d9f6c302e8340b1242e4d014fdff252e000b4

SHA256
26715d32a296f239e8a597c52a5cb4b332d131ec68faabd5cf9756072dc462b2

SHA512
cdd25a1e3c6b49aa90916ea98109fa0d15840e5b4b33e65f08025b32beb7242b610b66374057e247323b73152aac2c8277b775f7b274346d6d3aac469205377a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95e9c999863c886f01caa20166e07c11

SHA1
c8c9d4674cb122de5845be4a4442c9ee51536756

SHA256
ded0f57a984854282e4b9195ea4a546206562e66feaeae96ef81055fd5e91ee2

SHA512
c7a705cb8051f3d4a3233d72f2ae8aa228e173453b9a78aa24906209c9467cc40d5b8ad14289dd73b45b4db34232f52b2d0fa468f7f2ace60e1216e96b8ce1bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
876B

MD5
c866a3ade7c21e6d96c9014cbb6f6caf

SHA1
f6471188adfd6cba6e794617730d157541c17f39

SHA256
e1d7866fdf57a8393ad9d4ceae2272130ef050241c1b75524fd3d3114999f094

SHA512
b53696fb17d75d8b4947e242db8a2da3abbc78d880d7f8296171bb6711c5f0b9d6a833f70618c7b4e8db5e7924282bdef053ac984bc6d0eed97bff85f796210a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
876B

MD5
acd5057b82569f22cc38ce1da3605a55

SHA1
bbee8c0d9de74d90999a9816a6441276bdf3ad76

SHA256
ca631ee132ad5263bae308dc7c123731cb45e0602a900e569e74943552f54c60

SHA512
e9c480e02f13eca94790e7d4a6701bd46cd1d480c7b7e0ab6273c10271b71abfb63471bc426140a47074d08ba74653e2257dd7b9c0723a0827635f87121ee735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e09c.TMP

Filesize
876B

MD5
3bd84b961085c8997edb809e473868d4

SHA1
91af9896a87365baa41e806b9ef173ce50a5b00b

SHA256
0d9198bd2817ba16aa88ecf0829ffd5e92de3a8482a81f83bb62bbfb97e39e64

SHA512
df3e267012fd91551d38c40c0e45d9e7a293111a68dd3df9916080626be0a58e9d6482669e94ab993f86d0a72d12320dfbcc87b45ec1c504e94ab8d0f6e1910c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d3115325483a5d6ec07d7d1e6af81a7

SHA1
4a417d738f6d8a4afc8905d5ae2c133af173fc4c

SHA256
8108c9abf3825d3de8da35f2b9316c21dc0bd84b1bffe19b0fe7c7b31dea1f98

SHA512
bced197090a5cba7cd94845da0fc733b739350b24b91c1fcfa23e6a54205fb927a2da70336b28c20855f74da63c51f1d99acb8fa7792d2d0658968b29931ca89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1860_XBHPDHRMIRDQNROM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit