hxxps://revi3wpage[.]servewebsite[.]com/1729-2/

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://revi3wpage.servewebsite.com/1729-2/

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2716	msedge.exe
2716	msedge.exe
4388	msedge.exe
4388	msedge.exe
4420	identity_helper.exe
4420	identity_helper.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 4632	4388	msedge.exe	82
PID 4388 wrote to memory of 4632	4388	msedge.exe	82
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 3108	4388	msedge.exe	83
PID 4388 wrote to memory of 2716	4388	msedge.exe	84
PID 4388 wrote to memory of 2716	4388	msedge.exe	84
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85
PID 4388 wrote to memory of 3156	4388	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://revi3wpage.servewebsite.com/1729-2/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff764a46f8,0x7fff764a4708,0x7fff764a4718
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,5563603937750634462,10552688555041271120,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0f7734f3-c4d2-4c5a-babe-dd2b8fdaadd1.tmp

Filesize
1KB

MD5
3a5951ccc8683572733d8840c61c6fad

SHA1
eaababc6a3ca50696aa5601aca2bf24f29f7b1ec

SHA256
9614440a65000aa75fa0dda45fad4253cd1c8821b74f1a0d9d544a520eb9144d

SHA512
9f2e5b3c53c46e3d08c80f34c57cc91d7d9c45279bd3224de44798e9fdcd7bdeef4321678dc10e755fb64e32ea251a96296b10ae6d2c1ba7b24cbd6676b22067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\66123a48-e6cc-48a1-b359-03260a523b15.tmp

Filesize
1KB

MD5
079c75c29d7ddfc50736283f8564811c

SHA1
aaf2cdb98da4f117145c64ecae806823c9b25ef7

SHA256
340f3236317c39b99444d34e40da485b981db7516c5a6e38dda6c2f5dae88480

SHA512
ef8e46a8faff10959e15a277a4faa3587f3d3fb3d4831770b501d1dc5195c1b17c2c9ddd53840327453087bea8afd55e3c7c936482f0a723c7f7e891156f6e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
e4ec48696fb4f5d83ca059ccb3579f88

SHA1
5421526df16cf065ad77f703fe950e2a913c7369

SHA256
9ce8ddb5c495438d6e3571c22ecd52f12aed7ad262c22dce08018aaa9c709542

SHA512
2fc92ba91e2dd0064a9f71ff28deb9dec0fdfa61454ec5d5d548ccc2ac6bcc707cde4340b933f0e6d63a84267cce77b339ddd14a0595a24ed4ac150e17524a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
26cde8a75be376557944322c43dca924

SHA1
0c408317a78c70d692015ed0405bb2b6656d2ccd

SHA256
3b40edb5d45b6ec150d4ed9a1b0c1b4c07850e31f5a5d4d535fc2000a4f3615d

SHA512
1a023f144b29ef22fd937eef31a114c34e1226cc16d2ef5997165ace8ebcbfc7478971e6fef7839012cb95137758da43f153a39dad14a1c00c8c93bed5bbc069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9349c1d460aa5a58832b27bf79feaba5

SHA1
73fd9d92dbef851153096da0c5ba4dabc6bec0e9

SHA256
4d76391f7f7d809dfd2a9bafcbd3f8ddfe1a86e0e24a3f46d127becd3fa8eb5e

SHA512
e2e643c725da35df08ddb7e96c1ed300b36e569b8535bf9eb8455374967ab5fc8fe4c98ac75e774aef8718e599d70ba64893a018ca1dabd6dfd7c555a1a54659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88c1badd69d2b02343f7e832ace0159d

SHA1
09af5c14fe400c6aaa77e5261abddd814523c19f

SHA256
d8fcb3a2d57c6dfaebb9f210fbd7b1e62d66367305fbb3667d77f1c770d86f38

SHA512
9ef543839193dd5f77fecedd3e7096f6dbb91e3d02810c0bd9a5e60425d7fc5058569e519522646929694fc31da3d3d8e27ed90df1620d917911cb756bba285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
79a4fa3c0551723eed51d9e11126787e

SHA1
c66ed6c2e88528984d7bd1ebdab81d9153de887a

SHA256
b86cd977923baa4753ffa2eee17b8dffdcc203273ae046e17f8953263421e542

SHA512
2a9cce3b4631e1cba6f4622b5c58135b05369aec1a7d0f597f493525cbd0707b8cab08ab4c87badbb3ea3f7fcf66ea96b4ecc503260bb144261fad351ea9b237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3071f4e2a4dea2e57bb112fbb2c8bdde

SHA1
c47af7d49ecaf0a3eaf630044b1a90d0be16c473

SHA256
b8f7a9656588f453177c1439c5c50404bfd7593c38ee9e5fdf818ca2ff7efbfa

SHA512
747ef3fb8400cf89aca675a51354713f850f1c3c4f03fce97873dce7240da089caaa2cf8fdc24f1f9384f3c01c96bdb8e2c0a257390af060a10238dc2347a936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa801319ff44edb3899ab2ce9ef4348d

SHA1
5e55f6b2886a944be052b50c527274bafe819fcc

SHA256
d9533244ff74cc9a30cd5b6338910bc749bf64c242a943375b86fc4b9e1cf54a

SHA512
ab51efb2113cf8c4423e854e1a59f58d35f925347240dd7a163f5b2cfe866a7295eee77d1361e47462b8260a5bb5cb6c29277b215a2fe017b0b9b8c2d259bd66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a62b34cd-e754-4278-bbd7-48181ecb1ccb.tmp

Filesize
371B

MD5
f30bcb53dda7be4d7fafc9631ccc4e21

SHA1
d0568fb59b43f389728b90e35916edf682bbd15e

SHA256
883d75fd1413931ffdec95e9b7ddb109aebcedee2927df2c3afa604ce5d9595f

SHA512
bb328abbb767cdc6e538f8d58d43e8678527bb81954348feea43ef4aa8e89004a4630d020ed83ba19f113972f951a16e64026bbedbf41122bec1836b6929600d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1cecd9ce838dd6d117a38f505d396f66

SHA1
c01e79be4fdca86664d0d4c38eca673100f0515d

SHA256
7ce0bd0e88b5e6236ad5f37d8a213102a2af3c53f92e14ee73d8067e5987e41e

SHA512
e784fb62a82f98899f9aea882e6161623c6ad8d4155cd92052691bec67a6baaad2ecf8e43d18ca6826993157bc58aa52824cfab6a9617423ebc496437c85acca

Download Submit