hxxps://forms[.]office[.]com/r/Z1BhSVLvLC?origin=lprLink

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://forms.office.com/r/Z1BhSVLvLC?origin=lprLink

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4172	msedge.exe
4172	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
4680	identity_helper.exe
4680	identity_helper.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2316	2180	msedge.exe	82
PID 2180 wrote to memory of 2316	2180	msedge.exe	82
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 1468	2180	msedge.exe	83
PID 2180 wrote to memory of 4172	2180	msedge.exe	84
PID 2180 wrote to memory of 4172	2180	msedge.exe	84
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85
PID 2180 wrote to memory of 4068	2180	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://forms.office.com/r/Z1BhSVLvLC?origin=lprLink
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8ec646f8,0x7ffd8ec64708,0x7ffd8ec64718
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1936 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4794105707329206904,9177156656209220031,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
165KB

MD5
34049e45a502035c1ee78f0b0967588e

SHA1
dd604c54963f4ae0cb4cc1c6890b66822a6d7b82

SHA256
a84c114bbb185448de945b27fca0b6ee207f4801505e3046f35db050f4720eaf

SHA512
07b046af74583dc5ccb2dd1a636042b36dd4ee50aa6e7a3871cc26bec7aee823dcb2ef8bae3f465a374b04ae92b8cfb90f41ad3a76a0d2db1b6ca764d8eb204c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
142KB

MD5
d1e0216a2cc3db1dd95ad3230a39a0ca

SHA1
a629d848286dcdb6876631bdd3bfd7dc6e05422d

SHA256
b41f67ebf201d922b8668a628078e11dbece1fdf875d1df93495c3ba3cd31372

SHA512
50f8b14adf524175f2867c7e198c71f78a5b9a1c2447229a418c382519299820ea1f0dc77af121c58ea116e2cfb4163b62c961cdb7091fcc4e9691d6135f3883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
43KB

MD5
820f40594a0e8d5f9d58546208aa9060

SHA1
e17ed5116a34c432013a244c979ac9da53829d74

SHA256
f8f708049e1e1609af3959cd21eaf313c8192d3e962887a7a2e1f9b353d3fc80

SHA512
95879b255a90ccdc41c8696bf7aa05796db56528fc4be78f2d13eb2233740ac8cf0f92bdeaa169ebc5c745f3e76ee9fc67d2626160b9e01c5f5a19b8cbea605f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
175KB

MD5
7107c752f3901d95bdc4e9d46ac2b6d8

SHA1
747a0d933dc2ef38a98fa11a44ba661ec6a5eae3

SHA256
c4a5ecaf090da5f8115afcf0d4b723810054ecf3de31acc5ea6d48f9eb2d4111

SHA512
71d4ff3fa6c9a902b299302109d034d4610ac8a31ace170f09a3f66bd0d1259c41361fc29f2205fec6eb49995ffc73563399a6ccc536b8412bf1064485caabd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
159KB

MD5
78450fe21afa3391dc4dc62d5f1e09f2

SHA1
8aed39e81b26f10dd32c5b131eb7493d6d41b06a

SHA256
4903f015531ad7a745aa8c5155780c51adba6e0f671607c3fa1447795f33b794

SHA512
46db3beebdbfc0ae2b4e6d8f015e0f122851cf57662d5f445e2c4cd4f7ca2097690a610247e08f789685411d75b018cc35bc0a679b4dcf9e68c9fa164f347256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
8cf340f96a7bf35db2e158da0cf31e99

SHA1
0ff9bc1489a51a112a89f9957f7f9552149ddfa5

SHA256
c9e6b0575e2c2f74bc728e1fb7dc9a3584258916e7773371197d7626cb16db81

SHA512
ceb70f82649148a309ad40aa527e53fe8fca3f977a2ffc75922c575b3fe9738eb3bce3aa1217711bbb440ead3d9b44472732dd8d1db635e48578e2fa6555edf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
285106354e6dde674e959d1f1dfa6197

SHA1
fbe28ff0c6e098bdee2c9e8d562e4cb881a96cd6

SHA256
bd14dcccc3971a030233a2520ce93adb082c6aa7f559475a10c60d92d77669dc

SHA512
daa770c685fb75cd25ff2616dd6e30e9a3ebc975bf37af48b8246729770bfa63cd926a3b1b196d379a7cbee679fb243aa861722fd0a263fb6e7c478cf4566f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e46df915ef4d2d0d91ced2c444088a53

SHA1
e115b92d35c5abc42b14235ddc561fe8df0ceb8c

SHA256
3aa5c443746357c48524726c94d2db596c6fd52d448daf873a565e544fbce384

SHA512
ebcd678db0b9c90ae1d9a4189aa44a93bbfe137999aeef6f1f4ad5213bb0d7d35c9fcef6c19af15bf59559b4c17dfe5ffab1f8c81ede219dfcc64640eb2afb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e1ba41bba94533c46675d38977633a8a

SHA1
2f5dbf1084bceaf356c2d18b37addf3fe5abea6c

SHA256
782144955c31bc30a33c2d4b6b44aff7f5cb5144c4f4e5ff9d178aca8a81579f

SHA512
729ce3f7a63ad2b88a75ae0dc321bfe1a34107b305b08927e9ec85de7c0984fb0772c70c5f6db0efda3375ccedb37cd3c770f51f267c448f6e6202059ca4c2b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2bb2a75c7fc5fa0cf340ee7c37366a88

SHA1
3789982ce1c4576c1d8cbe8ca7093b5a4ce5286d

SHA256
de9322a48cd2a280493a7f90b6bcbfc59f3854bf16f102436e64d398e483e900

SHA512
cda4291594f0b545b6ba34ab6e27ec4b0d3dd6907696480e63d67369d06716d068159a606b6b27e2294eaeedc4f07114e1d38c31e6ac6b350c536780c6068c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
89ba87cf94f1bb0873e66f409b43745e

SHA1
02b702d1be21b14d91306a966a0f8a14d8f4cc8e

SHA256
67d4a4bb33247f52d4828453d7b3f569076eb74fcb64770d9cf689c7f977ab03

SHA512
0c37ad5f9af5882e6bdee6f1e690aebb9455a2dcc655973c76af2299c76b0bf8a53b59e6d910aa0437a9ce95de022fbe28b53209bde89147a815e015a8136025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\f4e2dc89-6dbb-4d20-9d28-dda15d9d1a02\index-dir\the-real-index

Filesize
72B

MD5
05f800bc98fb50b6d05178ee72d00be6

SHA1
a972989cc39cca2fba87a8c2eeda63e690537235

SHA256
046ffa3a9e9361c220dcb00c177b39191afa37c027c9b7ea0b2bd1e3023f3a82

SHA512
394e5c2bcb6e875d46ff0bf94ea2867c97fa956482b29fbfb813428c30a9568be40f1c6824d6d3f65277ee4c6ccafdc8a3edddfa1f8b056bca7a3e3f09a62aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\f4e2dc89-6dbb-4d20-9d28-dda15d9d1a02\index-dir\the-real-index~RFe5805b8.TMP

Filesize
48B

MD5
941201ef6650e239bdad1ccb02fa627c

SHA1
098e8557a34fa7d185e6c1be7882ef4b000332a5

SHA256
4201ea84676505edbe71a4d5b7cbb7f00a65e10e0f27a97d1dfcd8d08484a913

SHA512
3fa5c6c84ff5bd5b3f3123ab51011f271c9fd9d3a45bc8b177a438ad40485cf3a063a596c4f22023ffbc023da5fad82beb851d5052cc343389f1682c39cd4ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
92B

MD5
2f7fb3e28fc0a8652975b4e1f1103c9e

SHA1
c4ac6ee2e5d95fa55cf9528ef56aab85dd3ddb0b

SHA256
97260edb2341db795d142fe71edf79a30792a3df431c95b308574e2f3cbc367a

SHA512
7360d56fa3374af3f87452c216d14d9f8a740130e88e802411ef8f07ac08141a6cf7002e4fd14d8542c40773f50104128454df3b9b0107fa49acc4d3a5989e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
86B

MD5
a056df3747953707657b1d5efa94e769

SHA1
924f7941ca2cf55c007ee7a3330e4e0738401ad6

SHA256
944e54ac3640a9ee6f8cfb4a2a3fdec6b230dfe430647d118eeb1dc070275b2a

SHA512
fe490a02ad3d43bd1e0d352f61d1ceff8c44a5ff54f5b05ef27d505ac87f1040ad030eaafb4bcd9050ee9c5aff804d77e4cbfbb5c71a512cc85df9e832d8d8b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ca59b421ea6d8bf4a9509664afdadfa6

SHA1
15d031858960836808d5ec39cc42c10ca4d3e4c8

SHA256
d71c0336ddf17ee65ce6cb5a07b4079a0ab538bbb1f7e19dd6790c4cea969df8

SHA512
17c9a15c96d0842798dde0b499d0e3edca8f56db6fd0b06dc34a57ec55e033dc7a125be858e0c0f39e55812061ce5b6206f655e661be3529d15d20a50d14d7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58054a.TMP

Filesize
48B

MD5
f4e7f11c162d863a7a79711d5f061918

SHA1
6365358ab0d7988afae8f2b0e345a2305ed62a72

SHA256
82720313cdb222666316a3f109e3d51c202613511d252709ddaa2dbd7161e5a9

SHA512
5447f2f3976684f0dca5238dd1528a2e2a7e394c21379d220eb9427c9f97eaf9241bdc57c137f6d5efe0d5a1ee6d156978e10bd2f67534669ec3c22634bdfea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2bfc5139576ddecf2c753239680a9e93

SHA1
0f5474d5a84ded5573cbdcdf8f3e71f13663a952

SHA256
a59a80925bbbf87148eeb83f524ae0bb039055c86a8a4f827c7a48b267ac733d

SHA512
99574566c217397759035b617f28fc8ddcd2e8c702005b678f013b9092b57c7a36fc48be032ff6a897f555395501985c4c267bf2208e91ed1c1de55410fdc244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584cd3.TMP

Filesize
705B

MD5
78a167860d746e90f9cd0699d457ba35

SHA1
788dcdac88d060111a91daef2c187605de298bb5

SHA256
2515fea2003af3806d79b30da10781b06cc7046fac301f476121233e871db5c3

SHA512
2d2dcb91119a5d1623ce1ed45ce966b7792c33b0a768818560ca3ba5defd059090def2a0f26dd2a9963ffde089871e84fe57c03d076d067ffc011a234597fb43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4f48c0ec4519227005a4e1828169a95

SHA1
cf2a3bd7e1e37655df704844c8f074bcc52ad6d4

SHA256
f8a51e8d34641f80ea66407a1b5351246378aac127e608fe45c067ec697d849d

SHA512
8ed7992368b5d943e9498baa18e900e8b24ff94fcd598b86727a4996d4038ef807e042beadf5a9d6b3142a27fb7c599c7cbd7c0004396475739f48e34e1d4104

Download Submit