hxxps://hello-messaging1-9047-cjnmop[.]twil[.]io/eread[.]html

Analysis

max time kernel
137s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hello-messaging1-9047-cjnmop.twil.io/eread.html

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
640	msedge.exe
640	msedge.exe
3436	identity_helper.exe
3436	identity_helper.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 1468	640	msedge.exe	82
PID 640 wrote to memory of 1468	640	msedge.exe	82
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4544	640	msedge.exe	83
PID 640 wrote to memory of 4664	640	msedge.exe	84
PID 640 wrote to memory of 4664	640	msedge.exe	84
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85
PID 640 wrote to memory of 5080	640	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://hello-messaging1-9047-cjnmop.twil.io/eread.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff927b146f8,0x7ff927b14708,0x7ff927b14718
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,10828682834880211367,12022545493162735988,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\71dfa2fe-fb1b-494b-860c-191f57d37683.tmp

Filesize
7KB

MD5
62b33f0d4d8df0161832509d610126fd

SHA1
2c26224cd5a560a91066abee3154d36d7906e7ea

SHA256
cdd3004d1b3e9770fe183fbcd96b8324bc61434d53a17a960b3f5e41b96f72bb

SHA512
28d6d61ca19917f72ade9f45d7a72f0224bb629b2259519dda8369642b7f4cc9edea261b720eea95914a3b243ea8da6dd3159ab7a42cd8d259708172a63b583f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
18KB

MD5
bde9328f971f96d792546616824c95e9

SHA1
0aebe7deee43990e9e5f7d8c70d2d0d0a58ef1f3

SHA256
c3ced9d02117fd3ab27ef0a8a0d17397336ef098ff3e08e9824f67ef492ebd00

SHA512
fe4b1ca84e65fbd6f6d599697601ab01e23ec66b5a6ecfe456d409e9601519ae49ac62e9a99c9d29b2811ed25f8737b16f24af38c82e62a20178f36f8d8ab379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
276KB

MD5
a5dbd4393ff6a725c7e62b61df7e72f0

SHA1
55b292f885ffc92abce18750b07aa4acfa4e903e

SHA256
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

SHA512
850586a05b67ef25492bd50a090f1ec0a0cc21dc4e4efeb35e19cdc78a98f9415a3807318fa02664eade87f0e2d8fa2a2958cd0d712329800fc05689e01dc614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
99KB

MD5
a800b8c645d69ba0e5fc724d3c3e8081

SHA1
32f36a3da66a45af9c230a3e1370a6993482afa6

SHA256
f4195cc24b823ff3704e6501788245537de7c8f75e0c4b5efd874b1053f9807f

SHA512
d99513d8456c482db50dbe9f8af5b745c8e278b7bccda0c1eccc93c11fc9dec37b9aec6b45af773408b1a1adde17ecee79f97a3b04d0fe26e7673818fdbba8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c8d439c81c0fc7502da1784cf0660a8d

SHA1
6f5ba349dab37eab481eb348fb6a19b0075b7718

SHA256
b4dd1620ff94425f3da1e09feb0d2f148407ba1c30b5f8c9008fdb7629d8a771

SHA512
341551756af55877a1021fa1be697276e4e2f2d28579f1d030f3a5b1e11775a2465d5f6967c757d99dee8b195e18e9e479f25b5371dad94e596e782918e30ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8c2f787967fa63c4f35711c596a67b82

SHA1
51e844aa1ca0d939421f94f00f556b208bfb434d

SHA256
93e97957fdbb07ec955551855918c5c96839b81584c77b51434bd8d038069d46

SHA512
d31de0341ede2944c3dfd8341520841cfd15bbb3b0df642c2e8f225b5f9b381b614cbb70b3203472785b4f6622c2a37987a7c496c45a0bf58832d2a92076106d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d16a4857a51b09843c91b0c186a52ba

SHA1
f674c871a19dd71a6f0e259556c756b6a9fc17b1

SHA256
d381288b3f132f6e40dd8bc29088d9741198c5d4164cf6d1c33b5739abb7a2c4

SHA512
9fac8a650987f3d5aa19498262e0bf3e89685f1e590757f2dafbcefd067a9c07e4a3fed656e29fdc1cde152c895236d1a7b5278d3fe18ad6bafdc1e24e179180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76f3aef79a3a5c6e7dcd13b95a4f0067

SHA1
1451eb0362825b4aa2a1ecb9c727d13fdcdfff6c

SHA256
46265c23af6e05539babc4d116c861208dbb39908455fa4bcf5a2f4cd39550da

SHA512
a95163ee0c934f7ad6c8bc64c55a878053ee50e9c0db9ffb08429008503717ca53f5ddb3673ae1a1dbc3ed2c621b0903acd169f8f0f9bb5242dd120da4119d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8beb8ae157655c71328561c1e0f7001

SHA1
69b1e99a5361e37b1f241c772cb12c1624e84283

SHA256
0f44a9231e26bf41ff82e5dcc01063ef27c7ebbba1a69cf1323d999bd5dc6dde

SHA512
8d586e1014d09b9d08c3eafdfe64df90269f21fbfd094768f2f491c4aa0d56baeb630e12c1c8215da04338d7145ef92bc6751746b07f7ef03d0bb45e1fc94ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4dc6ec775f21e20fecfffb9eaa00dcaf

SHA1
2793554348c3628c2e8ecb7a862a5af719114e9b

SHA256
ef7a8970183afea2babfdac9aeb3a3787eedb2ce51f6bd4953778feef2e11fea

SHA512
00d9888f8b1d84c2f64dce3a0d337c20c320187319826e4ac3696c6dae6da389f98b0df951e5f8c33acd1a2a3c97cd707a85536e67b421677dd3bdd3ebba66cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
fb084cac0bc87573d72322620ca2ebd9

SHA1
8b02bc58865ee152ea1f40571b2c363919da40a0

SHA256
34f34753494b6ce1ba59820539675069c1f8791f1f9e294d15c5744c3b574b70

SHA512
28e3746a86f706943f6a3adbf22debb7a36057eaae2b6faea472bde0e40ed29201aa9d3de7a1f8a27c0f8115c6bc91cfb6b2d33be04ff40baf77e53c331163a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586099.TMP

Filesize
538B

MD5
c9863961001e1c6b677d57bb7f63b7fa

SHA1
0b52943c5e211ed823faebcfdba91e3f6c271b39

SHA256
e9ff6c3e46b0d8b1e6df004e4942c97acf710d5c93d6b847fdfa39863223c2f0

SHA512
ea264242f0f3927742ad235fec6fd3f32ff7bc5c003fae15fea2497e8a4ef0149270bb64fd06c4ab3571f5a15b3c24cbce1f95604bc7917e6f19a0c980d77695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
13ca26599356b2a7b26ca29544f87d68

SHA1
365519d6e68b5d423f7df78551ded16125df5fc3

SHA256
6374d084faec70926f2f68e9c3d0eeff7fbcf6340039b2d57eca61c55c8e8feb

SHA512
5d0de527dce4c8f88e9c8d4df199d28866feb0d194f0c9f46e67a38703567ee9495cd811d198aa816585c11d92a21614914536e9b93f6332f83707677585b12b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
e82cd099a220291db017cbd78a27f5a7

SHA1
1d5bd03b333208609f0227e58b2213cf90fadd43

SHA256
03f071a3212e9d1d0e681f9cd350a3a31c8eedd962fff1c3e91448aa64e6c68d

SHA512
35ffb5d774d2518dba9ece8953581715701767a3b977a93878626af3cd0072f9b5547693d6fc625fd9d65c6529165b13201666e4a6b5ace9faa8585e5d1d3e89

Download Submit