hxxps://aka[.]ms/AAb9ysg

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aka.ms/AAb9ysg

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
844	msedge.exe
844	msedge.exe
1964	msedge.exe
1964	msedge.exe
3612	identity_helper.exe
3612	identity_helper.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 32	1964	msedge.exe	83
PID 1964 wrote to memory of 32	1964	msedge.exe	83
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 1548	1964	msedge.exe	84
PID 1964 wrote to memory of 844	1964	msedge.exe	85
PID 1964 wrote to memory of 844	1964	msedge.exe	85
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86
PID 1964 wrote to memory of 1316	1964	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://aka.ms/AAb9ysg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83d6046f8,0x7ff83d604708,0x7ff83d604718
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,5650651458465004084,14554939899485737657,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
8cba980e5152ff575741fee680add5f9

SHA1
91a79868f786bc32931a429ef8701a484392aae2

SHA256
1c4c4573cc59102f4ad583332cc849eb57f9cb4dee684fca0a8f73987c300622

SHA512
0db1579ce7ce35ccd910a71794ee6d3a51aa7055e1c3ecf6372c43d6eb478f8e77370ed3e970766b1750da9b483aede2e007467c51a273657e8e55b26ac1c403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c0c807c2bb812892d0871c6d919a4881

SHA1
49fe627ff4db1894403151514d4db3fbb1a04428

SHA256
0b9ef8d09c46d5ebbdbc322c3ccc09effa0bbf2453386f674f9f53904697f8fd

SHA512
fb8b5112059eaf81c775117adac382102f7c8af053dfcd9221bcc5654ecc3dd4aa418623cd10a9730f209110a11531919fbab04e2d30e3f0cb022da159d0b119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
38c56af028e94cb2546e9fd4ec029198

SHA1
9c17cc78d1f0e85c5350804e6725e17212a851de

SHA256
befaa9ecf8ea8b122ed432d54ac2439f9e1dd6dcd70ca5e13ea28a9ddecb6087

SHA512
0d8c6c1de17f20b5968a6fc8d82ad4c5492aa26ada3a5b804da8dc05c505ac4ba6e647467ccc5ca25da5522d0aa934cfad074c4ea65468bfc61d71972d3dda12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
320c18708ba35a97f09ffbaa5eb38f06

SHA1
30587efd3e7467862ebd6caef30e26f2b5dc8df2

SHA256
172acb193b52b3c4a0bf5562582b9f4e7afe2726effb68a84d2aa0d0e5bd707b

SHA512
4202e37cc36a1a52e9977b312931a5bd8055171334a98b4138b039a6d5818fe41e9a9d91a218325144c6b9ed8be2c6c5948346d1cf9a8db7c9db078a0231d178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
66e2f3bac717c32205ba601184ac7247

SHA1
3056544d20a4e445fca300d2ae9029c14e8e10b8

SHA256
e991400649ee70d5aa552b744cf8a619c69200e3353cce3935c8e738cbb19727

SHA512
1e90860318ddb81cc2aec045a081c857c1f11106496626c16eba681a83c7d36849bca530c0446d48bce85e623c0b5dcb08ff268758d2f24cd2e5b262366e1a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4459b760d9f8d7897d4a0d60d8230cc1

SHA1
dc3c32e0570e208eb8e92512cdb397a89d4a2dab

SHA256
d32d2773e0b1048b82fcd405d28c52d31630c1eca0c5fc3519aea3070e63ca78

SHA512
dceb02f5074e6bb3c0dd247262832a16fde3076d47b04d0ea028381cc1a360213b7e5ca95ee8cbc5a47fb19efa90c80edadcacac9f0326e5bdb30662f0c93fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
404c616ff25c8a79a865cbc90c7b30c4

SHA1
bc071200bfeafb107fed7292568b3a43f6bc1bf2

SHA256
feb6d6b731b8ba4c9ea9b60adad41dc7ec122276a43762a3d9634591e92f43b3

SHA512
d8cfdef6df9609f6556324d5cad2bd306e3763204e2b8f6faefe6996fe2909b8348d31847fdc9ec7abdcdeffd0909dc76f34f25d07b1bc854a96ab3af220d725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5895d2.TMP

Filesize
48B

MD5
5e3fdb6b80bb519ef87910409d411b90

SHA1
0931b8a7004ed2fb39e6e60036607297c892fa4d

SHA256
2cf79d4f57c8f5cb05aafc57f9ef1ffbbf9c292c465222b427efa5f2617560c0

SHA512
14039c2eea64fc4cad7f63259daa095c539cf3bf29c9cffb99c8052e01995a43ec97e3ca3d837803ddc8339d9dc41e4ab589eddf20004cf5d0f1520dfd084731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5864f31b80a29f45433626c20749df6c

SHA1
b604354fcab917ef105c1e5ade9618863585b1d0

SHA256
5fe6e01e76b50758770db191a2e32c0db27b503c260480a45011dd3a1feca29f

SHA512
ea08ff4ef0c2adab336475129bc32c060d25c608cd7ac8ddbdbd3ef0d72468f74c60f0fa1694005176a5030b32091b2e0f58386f117105c80f1da051fdadc69e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e75701bfe52fb3fc8aa001cad0d894c

SHA1
f119b0dd90228bb177edfe17f9bffdbc6ddf76b2

SHA256
af6f9b9b6b7d0872662bd17bc882f6664b28a625fa2fee5fa8a58be6f4a0da5b

SHA512
ff8767c96a8f13d6ca20c473096d5164fad63b7d3587b3f95d2012610cd0f3e69c25442b36d4e04a5472b5ba64ebb8bec9758431fa823416a909261a78384db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585985.TMP

Filesize
539B

MD5
6f690922d386b700d8d40281c3f0c88c

SHA1
f1fc6c1909ce3a02ff3191add70851522664c93f

SHA256
95a8a67e43006ed075f2b66aa1652acdacc2c8b59a5d2c286554623396a812c5

SHA512
99a244b2c20dec8e00c52421fee6cf6a1fa198c784d8b51c12b027ef147c7b48e2c05914972a83a4d792a779e49b1a99add32af0ed0605575e32ad7f401a62d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1544a40ac78a12d474bebd85bd5555b0

SHA1
f843a2cc7429aee2543779d2c154b0a25d29936c

SHA256
c2b0a30fb8cecd8373115f95bf54326a2ac3905c30e1b82227437d3adb603aa8

SHA512
b252e2897ca34b737fdee887ae828ceadefd174fa487e10d11a7e254dc841f6339657646420856a01d1a14281db57f221a12f59ff7a44b691350fe762a4c5a9f

Download Submit