hxxps://c7ab97d1[.]f23cdee9de227a27a8732e7e[.]workers[.]dev?email=bWlndWVsLmVzcGlub3NhQGJvY2FyLmNvbQ==

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://c7ab97d1.f23cdee9de227a27a8732e7e.workers.dev?email=bWlndWVsLmVzcGlub3NhQGJvY2FyLmNvbQ==

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4656	msedge.exe
4656	msedge.exe
3780	identity_helper.exe
3780	identity_helper.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 1148	4656	msedge.exe	84
PID 4656 wrote to memory of 1148	4656	msedge.exe	84
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4812	4656	msedge.exe	85
PID 4656 wrote to memory of 4604	4656	msedge.exe	86
PID 4656 wrote to memory of 4604	4656	msedge.exe	86
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87
PID 4656 wrote to memory of 4476	4656	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://c7ab97d1.f23cdee9de227a27a8732e7e.workers.dev?email=bWlndWVsLmVzcGlub3NhQGJvY2FyLmNvbQ==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1c4a46f8,0x7ffe1c4a4708,0x7ffe1c4a4718
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2059475432926962189,5766772386334211837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
298c4b3a9531b861c977048c28f19822

SHA1
e8234253fe0b26b04622b4c2e6fb41278266f456

SHA256
e636a56829941a5a88adcf08c484d96e0cb3931a95a847c2533eb05b4f314a9d

SHA512
1c9b0fad1b0ce09482c60448d5ea0635322dd3398afa841b045750cfec9f52ed96f5a25fd33a0a8a03f6c01a81dcafebb71fa16e442d8506cb5ac12ed8cea61c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
acab82ba652313936f72fb6449afc5c8

SHA1
6d75039d71db1f2dcae9074be9b44249d938afd6

SHA256
819b9f597cdbaf04c5c879534c8e5137bd97cd29e0c4052d95196c7dc3772da8

SHA512
ba248db7853056b789d2ed7e1b59d0d06cea70dafe527f21dfed736b7df3d7cb9315b010e5221d660e75a8877d18bb49e2daf96dfc6dd67ff91365b02a8a6c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
978B

MD5
e77226c15e05180d1fb7daf3a96a0f44

SHA1
aaa12eab23c3c0cbe89bb83ea00faba213816512

SHA256
5cb1637c724c9ed269c9745afdb9b698e2af833692c23828b4e3db2fbb09e9fa

SHA512
99366e971f680e32aec3c2e1c8a02a9e5fb04716d5b60cb3f5e340bd393c467c6faf96aa631c7edd6d9ac74d65ff07bd698b25ede9e12c9a399c7107cbe52558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c586026d56cf534f4eba8422c391472a

SHA1
776d8af2a3deb674906cf7ba9731f59679a49599

SHA256
76ebecf0400ed709d860ba2850d266a1bd0bde439844cf0b669fe0ee9f8b85af

SHA512
e7d95dfa8afd0595c608e07c4bd8c2ad69a4315e6f32a23a7019c85d69ac11b79f088e205fa6b090433fdcc709a010aed23e35d50b6af8cb403eb161a09df422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eac2bdf3c01f2e4b24d866abe2372f33

SHA1
8ef3c393bf15ffe713a3c13c84d414f49f9f7366

SHA256
7d9831db64c99aa6162797714dddb69f2ece46372429d69d4e442d151f8f08b1

SHA512
20c6b52bf3047bbff64f5504dfb5ea21d149b4d175d377b2012408f34c9f01ba4eac6d06e502dc9443b84bdbb986becb62abafe0d9cd79b7955889f0d708b33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5ee33e52c434107d17f9f9302f2a330

SHA1
ed3a18dfdfe17b15fd67e3a1ebbb97ba1c706a66

SHA256
a0355287c1a61ca81edc81293f385c099172d81b8513d6dc7bf2a70e6701d9d6

SHA512
d604c1ccab8788a87d4c92375ffd2eff5545804512a43b1fe7be9abdf95ffe50925bf60a62efaa8c7bba91abf6961dd9a9b477a48570cae703a11281d0ecc589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
57c6c20c5dd3b35571bb1902086f4b31

SHA1
bac69d6e69e9d932aad561b454c3b1f6045fdaf2

SHA256
4398d1b126561608375cfe64e3ec0ea06def2ab69196e29eda130a264882a090

SHA512
c75e4e093aa1399a309a47140b378f8ea46fbd6eaa63aaeb341b25df716378a0d9f325c3ec30ef454f148d9d559ecf0f78490d8a66fbc34b0826610fb7c64b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588354.TMP

Filesize
703B

MD5
d4a643516539efa2f4d7f1296df89d82

SHA1
f24152445024737a82b5e379bea869c65e69bc13

SHA256
99f3ed5102d58517d687606cb899ae6a9a2474389ab2443292bb60b971a99ba1

SHA512
b7bf8870cc35fade7e2257b0cbbf4030641a2bd64f8e0a038aaa6477b535bdf017025040a5de704b74779bfcb268b4239f9cab994b5e649b93aaa88974083b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5e19809fcac3034779aa32466f67ae9e

SHA1
abfa86498398ed60a734351c32be6af7d3e96853

SHA256
6f5c3418804e104efdb892b4861d1c626cbba1ba34d719f372c11610a596494b

SHA512
3d7a39fe372e84d058f5ed750560f57646db286d35b2ffdc0a282f1a45425d3f311e37cd0bbf9aa4bb58ff54f805a612b567bd1d7f5b15b6c4a9f919b895dbdc

Download Submit