hxxps://secure-web[.]cisco[.]com/1YnI6qkhd5GXSkZfZd7WDhVASwUGo4NlSsxzSYIqcF41o8n61pr6FC4SYTa0lDJkhz8jkuMmtnOICFw6udyMC2x8SXpodMh7WcWGCq3xoYUdroAj-Sot9mIF2aNqiGIBJa7MZ_iUpumSn362yJxHxN5g3J3yUWXGjbPsmte9DfNWaLzmrqJVG62mnz_LQ1ThzWP1vDBLWCetR9rH46MElZ7lSp7k4c_V3nR1w45ii_rIEm3GHE3FVW5XAS-XBCtMPAELxfRkuwWtu0QPMqk1RsJLeZrX4IdQYHZLkTCa3Ac_jFJnM8PPskjgYBWJzph3jt1GFEwhv6ItP7MlH_D6eeA/https%3A%2F%2Fapp[.]box[.]com%2Fs%2F25nmxk3r6x8jjf97l5nt9o7by0khdb7l

Resubmissions

20-11-2024 18:03

241120-wneyksvpcl 7

20-11-2024 17:42

241120-v99jmszqbz 7

20-11-2024 17:38

241120-v77l9svlhl 7

Analysis

max time kernel
44s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure-web.cisco.com/1YnI6qkhd5GXSkZfZd7WDhVASwUGo4NlSsxzSYIqcF41o8n61pr6FC4SYTa0lDJkhz8jkuMmtnOICFw6udyMC2x8SXpodMh7WcWGCq3xoYUdroAj-Sot9mIF2aNqiGIBJa7MZ_iUpumSn362yJxHxN5g3J3yUWXGjbPsmte9DfNWaLzmrqJVG62mnz_LQ1ThzWP1vDBLWCetR9rH46MElZ7lSp7k4c_V3nR1w45ii_rIEm3GHE3FVW5XAS-XBCtMPAELxfRkuwWtu0QPMqk1RsJLeZrX4IdQYHZLkTCa3Ac_jFJnM8PPskjgYBWJzph3jt1GFEwhv6ItP7MlH_D6eeA/https%3A%2F%2Fapp.box.com%2Fs%2F25nmxk3r6x8jjf97l5nt9o7by0khdb7l

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: image_loading@2x_fd2a63790bc01d48.min.gif
phishing
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

61 api.ipify.org
62 api.ipify.org
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
61	api.ipify.org
62	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

2196 msedge.exe
2196 msedge.exe
3444 msedge.exe
3444 msedge.exe
2720 identity_helper.exe
2720 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3444 msedge.exe
3444 msedge.exe
3444 msedge.exe
3444 msedge.exe
3444 msedge.exe
3444 msedge.exe
3444 msedge.exe
3444 msedge.exe

pid	process
2196	msedge.exe
2196	msedge.exe
3444	msedge.exe
3444	msedge.exe
2720	identity_helper.exe
2720	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3444 wrote to memory of 996	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 996	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4140	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 2196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 2196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 3196	3444	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://secure-web.cisco.com/1YnI6qkhd5GXSkZfZd7WDhVASwUGo4NlSsxzSYIqcF41o8n61pr6FC4SYTa0lDJkhz8jkuMmtnOICFw6udyMC2x8SXpodMh7WcWGCq3xoYUdroAj-Sot9mIF2aNqiGIBJa7MZ_iUpumSn362yJxHxN5g3J3yUWXGjbPsmte9DfNWaLzmrqJVG62mnz_LQ1ThzWP1vDBLWCetR9rH46MElZ7lSp7k4c_V3nR1w45ii_rIEm3GHE3FVW5XAS-XBCtMPAELxfRkuwWtu0QPMqk1RsJLeZrX4IdQYHZLkTCa3Ac_jFJnM8PPskjgYBWJzph3jt1GFEwhv6ItP7MlH_D6eeA/https%3A%2F%2Fapp.box.com%2Fs%2F25nmxk3r6x8jjf97l5nt9o7by0khdb7l
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15662172993637070241,6196793256214373039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d814324c614bc80b034d1d6ab68a24be

SHA1
ec5730372df3266125f2a045f85dc08b8b390df9

SHA256
b206c971f2ef0cafb430a61ae779be46d1b9b937b9da3cbf4892bbf9b1927d2b

SHA512
9321c25853388a67b1ebc13ef56f50eaa331e2503d559f17dd2eb230033f8bd860109c5b32a39c07e5c2d9f67b32370c53e1735cec24274f435e5aab5805d6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
187cc720dab780e653821afac5cb5fe4

SHA1
d31ea87c0467a019550eb79749f78103439cda37

SHA256
c37f98f62cb9699e4b1ba2a971dbd0f6c6cfeebf86c3f0cfb335de1a9046ec53

SHA512
0d8b9e01ab879c1020f95b9b8ee6523add437649ed6da23c2b66e39b8b7a2ac6a6b23acb0a25ca53e33b008c3cc4c8eb13bcf3e31b98c3226bdc8a675836e4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bdd40e80307edd18a2c04ad3716233e2

SHA1
9578ce248df46412640326d376f686a1d904cbd7

SHA256
e0b0d6aa307dc9a9d58a5f3368c8e9d6f3c70e3e8ebf2af3f682f438799c2124

SHA512
cf3fe24d383ac5e61a8d51bd66ae020147512e33867d35606d1a73b2e3fee70b9df7c063a645e66ec36c9ee6fbfc81ca98eb0cf74ab9346123aaecd49b470a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23b47ada0827561c7dc3334dba95a248

SHA1
b73da60aa8ba668623b76da0a4147c1bf6eccaa0

SHA256
e6c7da8072fe9544c9076765d619eb27c4eb8477dd7a595e2c166dd609cf3016

SHA512
8f81e8a4dba004b85cc99a40f3179451a1d4fb511bbd421044b3ec4b080d97aaea8ee757f665e97efa1221f9d8bc268cd90873e9723a735ccb6f5d1dfa99f5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
876B

MD5
f5af11a50a0645d4020d66640af76a39

SHA1
e9afabe02255148d50e2120e3a92772aa6ea7214

SHA256
fbae73c120e414f72e6478e4dc500b9f3d8696d29430e5c988c7fc54062c4ce7

SHA512
245fe99dd19e5320f37dc5c48d0306b4e9e8a5d42c33b51384d991396c79c034ee745ce6fc3c753bdb1b19babe9d01997e4fc7a0674cc9e5a8e3c528d0912e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
876B

MD5
2a708012625908bb441c06fbce958b49

SHA1
0ed8a912838cc65fc51109234f9551a211f7c19e

SHA256
8b752d1ffb799f2ef7d9abb3563a0d7ae2441d32b7b49676baff3a2ea87b3971

SHA512
3e0ea5e6536b9007acae88f5cfcd9e776c4085329dc2b90521320d469c0875ca0d8485ef351a9db2eb070710ae2f50050c34c562ff296f46ae83f907df2f0e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c747.TMP

Filesize
876B

MD5
54ee344fc87d0f9ae69acaf8af9d990f

SHA1
baaf4c0ae9146e7b2fec72057c21768425adb8ec

SHA256
e818c1e47e5dacda4dc4da2b116953d1e517c6291ca17494045e91ac18764718

SHA512
1a7076b97e7490a50dc419e1656f389094ad9305fe0078fe8ff68ebfda488e4356ab56d86d0b5479ff0362bd3cf7c7e883d971a808daa2ac92396064b94bf873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0da5d62af5b7deb16c1eb0027e0c1760

SHA1
beb68a99d4754552b50ce85b249ec7fb5c660d5a

SHA256
3eb4e0c969b84da60d0bb59defda2dd2b07ca75f4277c782b3d93e30858cabbb

SHA512
772eb5af8d4522be94140fa6da7d15316724ec8e492838ba557e64fa61fadc5041c8d186be9366c7b3693ab5b53c4078b968553071d3260883a9ac57b6348f34

Download Submit
\??\pipe\LOCAL\crashpad_3444_DPWUBVDUUUVYFOAJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit