hxxps://forms[.]office[.]com/r/Qk4EvdJKHt?origin=lprLink

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://forms.office.com/r/Qk4EvdJKHt?origin=lprLink

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1160	msedge.exe
1160	msedge.exe
1128	msedge.exe
1128	msedge.exe
3084	identity_helper.exe
3084	identity_helper.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 3928	1128	msedge.exe	84
PID 1128 wrote to memory of 3928	1128	msedge.exe	84
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 2804	1128	msedge.exe	86
PID 1128 wrote to memory of 1160	1128	msedge.exe	87
PID 1128 wrote to memory of 1160	1128	msedge.exe	87
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88
PID 1128 wrote to memory of 232	1128	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://forms.office.com/r/Qk4EvdJKHt?origin=lprLink
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6b1c46f8,0x7ffb6b1c4708,0x7ffb6b1c4718
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11632403525552613675,2693920984138861969,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
8f6995d20749d88be382d28d655da53f

SHA1
ba5dc7d84e02adc511f58ba7ec99edeeac54949a

SHA256
8a6415145ac059beefee3d161620a5abcc0ed60a8bad856994c78df65f1033d3

SHA512
a251c59a2c52791b86a5fdc38ef4d126d4672a67880769dd3f16388b58f8fc5332eaf46fd81d8aeb37eb83ae06bed88300b78c643de70dbd9ca04d8ee368661d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
be1282f66764747a50132e0107f42f96

SHA1
1587a41fc5c9c1887e67e8437879369f448de2ad

SHA256
3f27f8a41193a0599cc0b521a271cac9a2afcf8408c22e1b7a719287693881d1

SHA512
10062ff40ecd5c72d866b2d47dd16c3e705342c53c0771680ecb2c8c422e2b3aef2a867119885f6f10a14e9b34dea998374f95699bd1af93a8482902f33a2bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f202c5b17bf84483a07d38c384fd2ea

SHA1
225a008878f2f6fb5ecb07c68530b62fe85e86ef

SHA256
2d29906b7c868fdc848b02256759cb2a6d913a51ddea2386b0c6689c933e7026

SHA512
238ede9fb00d7b97061a5bb6a7641af551a86b36beea8577057bdc4dfe66f73310be22ba7d41be1e980e5c937805e7d0785d3690e011029dcc15f4d417377131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb8350554c82f4fe9bf59903f1ff3d8d

SHA1
e16f3758fedbd6e3cf63c6fd2197f1d715378781

SHA256
a729461bae60d1383d25a699d7af0e73e73fe2b1d1e77ddde292082be93200c4

SHA512
f1869aaf1f3598c103674f1f7efe27328ef886dd73e53ca2ca028ffc9e1ec1edea2b1180684829c912a520e4542e7769e15190c14da414545b4633000e6dba47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6e7d011e6709ebcfc5465bafcf8182e6

SHA1
245d2d94562d54b793a09e9741d64a3d1a1589c5

SHA256
20e01559fd948f6793bf22b8674f131adb8ed9bc3da9eef5d2ae369cb579f2d3

SHA512
2a21a3ca81dc9a404c2c007a4718d1a155b8f02a300b609983c1c18605cdb46f5aff39028676b36df05321b1ea4b35d67ea6b7e599fa9a2182f4b2a04c8ab89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7aa426e66fcb45603618af1a7250290e

SHA1
4e5815541a991b58894e4aea40f1547f6765c886

SHA256
28dba9809521e81d59a7744906d12256c86d771dcd512f2d0b089fd283a3249a

SHA512
4f3eb9fced1d90b49756d7877c3359957e6d193f11044dbe201623086f7968692c31729af0b378ad4937acf56e502e86cb25e1677c603f551f397ff14511490c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\db1c45f6-5ca4-4a6d-ae6a-13f59b240370\index-dir\temp-index

Filesize
72B

MD5
97769608e003a037994fbf4c9fa17787

SHA1
f726829eb9644460c08993fc81aa7a74a73658a9

SHA256
6497f75de43118fccaeaadc6d86e33236c80d7e35ac305d0cac9106d8db4b7cf

SHA512
a92a3bf9788c6502aa9efa3792b2e06bc5336f3766eb7a6dfd4cb9779dc7ef5ae5a002e25440f8e0bb39a59eaa0be378a91bb4d3c92c9d9f2034b59880d42581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\db1c45f6-5ca4-4a6d-ae6a-13f59b240370\index-dir\the-real-index~RFe5818e2.TMP

Filesize
48B

MD5
8500b4737b0541bc70a8da4398e9b96e

SHA1
df57f1d54f3e7d2c842c26fc527970666ec75a2f

SHA256
64aeedd465496cc9b91c06ff9a40e35323dae15e28d2f488e3e502b220094e8e

SHA512
542b9fbaac4131cf37e578629a8669b86369ce741c09ef89917a0252738ff0b9208ba91f3991b8bed148c865d557fc21eb0e9793962b0334e8a94bb444c279ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
92B

MD5
05e94a3a2df1c55f16b18dab30e3d670

SHA1
74da7b67e0c8c727647a0dfae7ad2f6cbda4f803

SHA256
62c24fbd375d538317a7009ade6fa4e8a26355a26fe8e1265b218ecfe874b299

SHA512
3a45e237e26cae84b5e8cf6adee72ac6cb01cac97eb1f0c74de115183b4df9f8c3465489d5dfed12a3d3d322dbdec4e783b32d30bb828758d5eb235d388c9855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c67a00d9d1fe43239f2bf49bebc287eb867542bc\index.txt

Filesize
86B

MD5
ef560a1a58e55eafc4e3f0b6ccdc45a1

SHA1
7e4597296156fab57ebe3343f59e4c5843fb8763

SHA256
4c7e82b4cbc909b81aef78eda1432010b38c147bc946689737be314fe18b9cbf

SHA512
bfe3432ac4ace65b33d59223f8df727286e95285b7a59d01f1c819d6dd872eafd2037e359192010ddf48322859ec9191b54dcd524f6e309af00151c8d12345fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
de75fb71f13a2fcd11b4a0027052a9ea

SHA1
e2f128090630785a5c67bc09769379403e367d58

SHA256
f440ced1f18ecbc59e9366668eee2c442e5e749ec9700f35ec3d8b19b7c855f8

SHA512
3b29b108572f3a71682dda415545514618a32eb39a2e823444a205fc47c6d1c88d02233e05cff8027fd4e60b0bc345e5d776f7429187150c286b0c0f3b0e49cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581865.TMP

Filesize
48B

MD5
69432adb2c6b26f9e28e26f1cc04f6cc

SHA1
8b188109776eea44a613da0f35f6627686ae6643

SHA256
ea8dbeff33781f8256cec08aba23a0b10912aa9bf9f0d368b63d63cfde686a17

SHA512
62e43fa30f882a2e2d3fea81651af948dd705a4b2e589e49395385a865f263d7003d77f72f1bd95253860c07779d64fe8b2e66e53d2fee536308c7d8a25b89e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dce448d9d41c12e056ffdba875ea39da

SHA1
775764ab892de66dff887e72907026e16ad83e0d

SHA256
97c5cd93bbd24ec2ab2310811f4f4e8055336b6b5a1f5aaa4320e9729f9dc5a9

SHA512
3ccdbe55b6bb746543f67753c4461eb907aefbf44178245f997dce70a59865bf1d3a0bf8673be2c5a2f773c2cf62f4fe3a99d339e15ac8c6475569dd6be3b158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b24.TMP

Filesize
705B

MD5
496f5db7689aa66b7571743d7e491969

SHA1
cd6634e394ac6da0c0a7c20a6078ddd3a057e0eb

SHA256
64f464d1b53417d3ca63c6cf1df9c39a05ee7c1cc482753fad6ffcd1c9c833d3

SHA512
49cce81663d3229026069524e123d83c737ab9e7c284aa0fa6d7b9237d5bcf95c03e944d832c190d45e70e7541807f2e57851bd8535fa54783097bacb5ff1774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0b0878e71e2fbf0275423a29d75b615e

SHA1
b3939166662c980b0f4aeeaa3b7065621913cb87

SHA256
d070f001bf93528514bc6f183d726eef5d3fe31cc6cb0823ea394cb5cf07f626

SHA512
2fd201a935b314f74bdf77bd6f0f943ae0769bb8ba234ab24b16aee3476eaeb9d568922826b245a4c02f5c31017605e5dbace695364eb20b36f72d66bf4cd96b

Download Submit