hxxps://account[.]live[.]com/pw

Resubmissions

03-12-2024 11:02

241203-m5ff1asmdz 5

03-12-2024 11:00

241203-m4b27axphq 5

03-12-2024 10:58

241203-m27fbaslfy 5

03-12-2024 10:56

241203-m14m2axpck 5

Analysis

max time kernel
70s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://account.live.com/pw

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
472	msedge.exe
472	msedge.exe
3732	msedge.exe
3732	msedge.exe
1596	identity_helper.exe
1596	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 4496	3732	msedge.exe	83
PID 3732 wrote to memory of 4496	3732	msedge.exe	83
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 3988	3732	msedge.exe	84
PID 3732 wrote to memory of 472	3732	msedge.exe	85
PID 3732 wrote to memory of 472	3732	msedge.exe	85
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86
PID 3732 wrote to memory of 2964	3732	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://account.live.com/pw
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8dfe46f8,0x7ffd8dfe4708,0x7ffd8dfe4718
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13127882708440677046,4092394884392882474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
45KB

MD5
750742b5bf36a17ce19556504179d864

SHA1
2b7faef1f0ac31076883ea54f50b02e4ea777ebf

SHA256
c01600707a5c82bc3b123e04505d57057147edca4dc97b75e8aadc10a0c7c6a2

SHA512
cae0a34d0c44a047d6fec5b2f1ca1f5c722cfb16ca94b12d6c089c361f2d1532b1aff73ce4df67ec56e3da6878a82a0355f73aa6904c303247f41ea79195f5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
32KB

MD5
2e287eb418940084b921590c6e672c9e

SHA1
1fc75a9daa054ef88aaea181f3a9b4cba2b6b6e1

SHA256
6c2c58daae76131a00d1bfee20852f372cf594be7f4a8848acc42f8bf72c1bbd

SHA512
a77f69571b0f04f4a2354d9e18e41ef86f22274eaed20c02215b632bfef09c6543a83591e9db3f2b4036a9684bff666eb6a7b253ba18893500e9cd541ab752a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
1325cbfe3b1d2773928475322f124c8b

SHA1
da1d151b35c0a65b9d039e4f4f387e60be66430c

SHA256
4ab9d6d8947bc7ae2fd62bb058c9aad61a4d5f738809346af2d8a0d183d2b47a

SHA512
a83d4705b4eb1694eeb18e9ef3fc8c9924406f02d643cec46c3209466c225f123712c8a2186d2bae9052ea3afaf9af1cdfa5243ef3fbb22a063ee24f8d952aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
838dc7521d34cc08a8d576d3ded8715b

SHA1
4169397c174c781b57ad3b1b6fa679a2a1edf518

SHA256
5afdba988796e8d0cbc085cfcad32d796caeed5cf8616a35cb780dba07100d96

SHA512
019cacbe215ce902119488c52a42ba5a1d3a19f42cf0579fbf4109de2fe44844fbdd6aecd2cea92cb3cdab56586ea73332474bcfcb5867199ace8929d828d282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
31e8c35d1b8aa451e57aedc30b3bc51c

SHA1
acef63b16ad9aecea2239424bf1da1cc84def3ba

SHA256
576419968a91234bf7d14ccc1c5336e20d5a7ab54607d47d264ba37c218e1944

SHA512
a2b82a6d462ed5c4cf1f5691f48ef2365dd85f4877afa4e6b1a36235a6cb9dcd8e02a5f061c1599a38053d1ad50b06b5a98f8e12a8aff492327a72a4c69302f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d7cb26f2e409954b6eba9d781ffb9d8

SHA1
00038ac020e2cc311a5477b538d9f6ec46b459f4

SHA256
b60fb3a1331d4c2aa1c3c761c705439e85fd8d991dfe17a33938c78fb2289d94

SHA512
449c782c7ef3711727d4186ac9912fad78a15e64b37912bd6827478cc912f269aeffd7b4bcf56f68989bd74d57bc6d3eeb4085962545bdffa2123cba2c1cdaae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd913231b1eeb49e929e909c7ded417f

SHA1
8bb9c3d2a209edd9301c9dd4289d34bdc29f3204

SHA256
03f4af35592200557ee47b924f2b8ce40af99040b40d64a430693b0cc3695c44

SHA512
b29e78ae4322036138ee09ace5095860e2df21d7e608d2b746db04768e050f5ff4d25133d1c031e65c6427a89e56fc05077e80a2da54714860c938ddf3e19471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
45ad78741d80a27d420cfaee4a3e5a32

SHA1
e74ac860f71a97c961891602834389c2548b3de5

SHA256
eacbc91217be44258633f94372331720b0d018cac6f5d18b2dda79eecf681d0a

SHA512
e008c5ff1857374a89a0add05868eb865d8789c5f2e4b6c7a540fdd0226f1ee0cbb86ebe52a523ba00b6643e90f358bea890991e44a87ec6c09d1b8abcaf1616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
5bd187d4c93b444e3f3d7e9b3e40323c

SHA1
732ea641a5ec46ef23eb6c9aa1d4cb7399e09203

SHA256
b23e9838a99537fd2d796de9d9ffe1e79e4bcc34868b1cb3a77341452286ab1f

SHA512
cfae96739d60c19f3bda7df116074037fc0f0a824297a27c6d01033219ea8d599ea99fcd9ed587df90bbb722abf2cfbf5bb52df8286044248a220ae3657812e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
278e41bbfc5dbe8f5885aeb5eb00d1f4

SHA1
8d07c49ca0d6a5ce86b7053926834296572c689e

SHA256
0ca0eb5988274ecf2dabcbd437db3f4235fbadfdd72ab2492136d6ca0cea2c69

SHA512
fccb24a0be64fe06279aaed87787aff0fc643fd5d8ee424fa946545a3f8ba6ed82f49440b7e9c98f9011d48fc0dd72408798ef604e2681998749b85055583eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
96b804bafb7d2c20f70a1768e5b37b38

SHA1
5d8c5b0e3ab42e17f0048483216353d92cc4577f

SHA256
9c713749bbbd2f62b43339153c59320d6585af59cb63b167ed74e89d3770f999

SHA512
87f715cd79fc07db49591b3983e53302a985df83382dc9e31ab363025e05bb68f701b145c24d2e8e4f59c0fa9e61e2eae27b19da546a71d73a6df450bc15316a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58290f.TMP

Filesize
369B

MD5
b0078807c70edf3ecb0fbabeb34b5c38

SHA1
41dc33a833afa5ce32fff5e2a1ab45eef9630cbf

SHA256
4354246dd0e19fee9f5da27ad6adf135b2560e8d88525d0b44a516d55dbec49c

SHA512
ed5f1b8aeffe84cac46016d72cc777d5fc66f4dcec6026653a32f9856a85e42383a0058fafb6d638335334eea06102f255de32f4b75daacf7b03891619fefa7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
200a1c288fbc6816979ced8780f2bd5b

SHA1
c67b498230f98ec83d68e0b94d84e52e3eb2e0a3

SHA256
e5aed74b9c393b9fa6b39c5098a1937b49ed26b420ba561198869b96508cea80

SHA512
ca3ad59795c4b29b256971ba744934b635d3778ee8da072c4a914a066b47e89abd33ff13d27549854749832c737f5e47370b2061fe20c91c0ffe4404ff418a14

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit