09dd2d9fe7934ea2d88ab8a7d13a824bb462e73d9d2d982e26d8f9a35646e5d5

max time kernel
135s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Payslip_Amendment12009.htm
Size

5KB
MD5

931df36f406e0f5495c5d77fa91bf035
SHA1

01bbb0abb4f14451a48800e47d203732bc139920
SHA256

09dd2d9fe7934ea2d88ab8a7d13a824bb462e73d9d2d982e26d8f9a35646e5d5
SHA512

df882dd9eb3f6ed9290cb5b764653afdb3833bac947e6b18124454394380b1fc7cf6a7c5b7001108266aeb50813f6b5905e6bf94507f3116e76e66049bba1351
SSDEEP

96:ekUhhhIFDkrQJoSheziDftDIhfBDIEDHhDhiDgBhDMDftDIsjNhFiDIEDIfDhyDl:6hhhIFDkrQJoSheziDftDIhfBDIEDHhD

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
4460	msedge.exe
4460	msedge.exe
4020	identity_helper.exe
4020	identity_helper.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 4416	4460	msedge.exe	83
PID 4460 wrote to memory of 4416	4460	msedge.exe	83
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 392	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	85
PID 4460 wrote to memory of 5036	4460	msedge.exe	85
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86
PID 4460 wrote to memory of 2012	4460	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Payslip_Amendment12009.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd660046f8,0x7ffd66004708,0x7ffd66004718
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8046849368352789145,18366013286247359508,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
25ebc223d6f80f9802669a5305899474

SHA1
9fcfb7d91deafa97635ee0d9e23a26ac82721356

SHA256
82ecce58e21e7402e4ab74d39f08268826911d54336124c7a8c9689ce6a5f676

SHA512
3ac48b33574131a416faf23c676d688be4329fcd64570b4d2e568a7872c9cce425644f9ad04facb809e6a0e09aecfb728c2152706cf2e9ac657461db3e1b101d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ea3f05a86a7bc90a9c8024bf074b53d9

SHA1
434fecf8f624c2bf9b60bcbe76c4927b4df1b124

SHA256
5f7b9c2421b7f78e0c9977bfdbe417b2a914e8783bda7f094d1676814cf90ef7

SHA512
5a074bae0402a821b320d6d4bc97a0b2ccbf3e6c806da77c527fefb517505655a8f6baaa0eef2c51bc2b088f4c1b6d1b28c099714bcc968e8591e4b063645d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3e8a7bfb33fc97cc3a43fa72485f0fb6

SHA1
4d2f6fc709add17c4d4719b8984f48883a789d74

SHA256
a355135285089e2f50d07885da5f0126d9dc619334fcd93e66121d9b2a818ab7

SHA512
7720ee6de84512923db855faeb303291561c5b6a2a4dc25810da981f8d791e811b13101cec7fe4986fd88ba7113d6d1bb127741659947dfcd05d17818298c872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bf0016c0cc403c169c687b1e8bc5dff0

SHA1
3818f673a8d949a647c589acb4cb6214e871d8ff

SHA256
c477982df457e3e4c6af531f72a802706d76d4da81d53848fbebbb35b88f6cd2

SHA512
ea47a416c0ebab7eeddfc740ed9d6eeb5f3952563bad83f31a372cd5729d5dc6dfb2cd69e678cc560dd30eb76c7613b839a9e3653248651b0538223dfb6871e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f100fe99d57e7bb98547f5c524923dcc

SHA1
df7dfd7d79da6de4f2639b6f3aaebe28ebf186bf

SHA256
8a3fe2279ebffa5d7fac42ea8c5cc6abb289a2cb1209481da93661442752fb41

SHA512
749d6e8b4d69650575681b8e6b02ab6f560735e22ded12e5729a15f944f4a710aa8fe8ef1c43e0e3e2253536a1d126e34a57d505be1f2799c0b8e2b894e57656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
33eb69b8e221c59dde5e3a993b4712c5

SHA1
7c0146d8082f60a7e242df502b68f7b5c5616df0

SHA256
2e71562718564a8c320b3c941db8748158989c29fa38587bd257a2d982e458f8

SHA512
2128b15db708325a8c84af7e6eb8b016792cf337ec1ca3a12944f175fb3a094f4bc86a3a5b0f334b68306e2ea005a58946802c307de873accc31a7241a5b7ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1dfd58df82c8e13b3a0bcda2a9e8e691

SHA1
1f99d3f38c5a22a84629f6cbef264bc516863a55

SHA256
5a652b08de2882124803476f0a3bbfb599d2f323058956b02af139263a7aca70

SHA512
08f4b5eab8f8d9fd75ecaa5f4343b9272b4a0b4ad3411e4add28ea058b81893467bae3bef33991c2cbee80ccc8e65ef7b2b9092954f86dc8818896c6cd841be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24ef266966f77ad216dcf61fe36a8c52

SHA1
63dac6300abb235f75258da9ddef93f217409136

SHA256
8276a19ec385a8f001d71d9a95038f78ddd48424e154c191ebad742f6f87dc2c

SHA512
991d9a92e272d84fd0b18d6e2e11a78b6b392732064396727e228154f6d259211f3173449eb421b4bed462d1d3d87c2d3dc193bc2e2d78effa66e8e62bb803f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\19d2b83c-982a-458c-8888-e6eed9d52f40\index-dir\the-real-index

Filesize
96B

MD5
e3741e4723759fdb2542246cfc4d02e5

SHA1
22e378c763c232bc3ccb1499e5bf8fb7861d610c

SHA256
c3c31a4b21588ef4553545ed954b9446111b3fb32c65604cf2e9588ec29b8f36

SHA512
f2d6a3881f2961c7d80a88298543a21856735a878b993de14207c3180676c9efabfdab9c835033bf90b1ec44e35fdd002356ef79a4b74cbe27fdc64a137e4a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\19d2b83c-982a-458c-8888-e6eed9d52f40\index-dir\the-real-index~RFe588ab7.TMP

Filesize
48B

MD5
c5f33efe3278b7cf55bf3c55519b01cd

SHA1
ac2fc71f6c479d54cd4df680843548ba1d859870

SHA256
af2f1daa254adf879689d2c22447c200094044ab5cb2a35944ce2eb007fcea29

SHA512
7c994504681009c65f334affd0031bd6989063901cea072caba783d49511b7cddb8bebf901a0076200bd836725ca8a766dddf74bbd814c89628e5c2484055e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\df7d6ab9-39a5-48a9-b25a-cc008e27f508\index-dir\the-real-index

Filesize
96B

MD5
d9527a043a2c9ecda189690bf058d4c9

SHA1
d2d251f2737f4a69273418690faea44c5a4d886c

SHA256
0314893b55678c349ec064a18d776ee71c3698ec7e9ba3553e913dd94d4c06ea

SHA512
5a281271ef863b7b6c8e226725260796c0f351a33fd5fd3408699e983c856331ff32d15e3b88c1fd019f211fe1fbfc888a91f9a54b40fe86ec5d74c95d49569c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\df7d6ab9-39a5-48a9-b25a-cc008e27f508\index-dir\the-real-index~RFe588ab7.TMP

Filesize
48B

MD5
280526bd527e7084bc1d182f05a0df24

SHA1
f9e062033403f17515a1fc3325b8302d7856866e

SHA256
ad0288641ae1a07bb10e56c1cf42018cda745c09c916ff3e3f1712e126a56a3d

SHA512
5ca4a2c4f26e2ae4caa6990f2d0d472bd82e229e1418e54bf1bae5e34738d2d11ef3a99ea297c5cadd45cb5b6a52ecb57836f0b002dfcf9dbdeab5223b64004d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
107B

MD5
0ed0bf307ceea5c6681634f1e66a2d73

SHA1
269a12e35c24fb8cb75bf62335df63c84d8a155c

SHA256
30891c1aeb3f8c82da15e31275f082251e4d097528b1450083c827f03c8469f2

SHA512
5a6ce42dc0dd26884946f583ac15829f320193c6f6ab73273beecfeff43801f2556620da4e79e493770614c39317f96990e84fa2ad3324a4092d1adc16dd3c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
179B

MD5
92fd8cd0fde46e700cf9b782fd54eb1c

SHA1
478be3402fb482f08bf185da76f8dcb9220167f7

SHA256
2eba070a6ad8514f0d29df871fb15a016f048d88f1e3c55094451f161e0fa2f1

SHA512
3d39d67470188124ef00d4e773f322cd5b28f6c00673b8dfbcb4d91f12bb9e7b7fa63c9bf1acf7d524aa77aaac88448cf8fcb0ee0446d587476c4a0a610eaab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
175B

MD5
8d07cb08e9a085bc9b298a1b4b9df464

SHA1
9d3f8d448f32fb6b87f8e65a6462fe4d3c1fd02c

SHA256
4db889ca678b657493565dd390c8ab5f3ad0b8053d57b3fd5e1c97dd8d86e826

SHA512
55fdc6f6acff163ad3d30acee87d519113718d95250fdd48224b0aaa3da56465429f194904662a5de8ff7f65d9e8913b56b583d758bc70517be8de44561e5242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3db4d96c6db3852790ceb642efd3c0f9

SHA1
5e93ad8225de5b7caa29d36a52778b993d20b6be

SHA256
6988f63350778ccbb6265f57e615900bd911437c0f64a333c3fdbc1b61ee2dbc

SHA512
e8c407b489b6e07d3c86d23496572120a5efc08267f88afb1282072db26cdeb16b5ce91445d81a2862b96724a4b527f343d153794f762726e8cf3b7d6d549084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
202c2ea4db648637ebd8a6b8371767ce

SHA1
f9275c2603a337d1bae1742e2f87a43425082c2b

SHA256
e6ed7b84f7c60824006fcd4a577c847c00c9bc302260460f3811963fac7bbb63

SHA512
2b631ebd87174bc3f9c249eeeb5ce9726306940084a2ca7d516780c73d09e0d39a7519c1c91e226c2501c68fede7393bb3d42f6a19ce4457dd372dc52f6c6822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f9c0d385b35c290531c0b32657df346

SHA1
1eba6a8680c81e3b84aed3b2990e3d2b8d9d9f8a

SHA256
5720f3fbd7e2c051eea29e415b6334b22a9a0a55178da65db80ad99321b91932

SHA512
eb4cdd7c17deead9b2574192aaf06217c8283dd2e3918e06e7dc0cbee25dcc59d161c65342bd5d5ac4a157027f30f5a7a533143832a55ce6930acb16b7a37478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1a3f672db59b2c3a3599cbdee8d5e09b

SHA1
a396478c605f72941a7db2cf334442419c2479a4

SHA256
f851cd66818054eaa911a1a25cf9ef122f4244dc8419079baa895feab0290f9f

SHA512
8f6957e84f47131dc838e489b263c1f8f7adf40ffe11ceff8f1e97c85d201f9a1a4d6eaac4204147891b79ac5b67c671ad74b8653281f839dc33af4adddcd02a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589342.TMP

Filesize
204B

MD5
5209431bd41b3a687b746b49edaef293

SHA1
1cdc1e597dd8e6c42fd417222e8d8600e5c4ffe5

SHA256
6992588ffc82801d61e3d02ba35fb0c26a08fb73d97fb5af75093afa63a7c3c5

SHA512
271a7c0885d10ef43f89d59d9d5faa80a853fcd0ac4996070198a87c7c8680e690ee2945b305cfc46e4f11676328a809d0b6a28b6cb5187897be0cbfe1c327cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
27039a3373b6e4b7b9560d6ec10cf7c4

SHA1
7d1cbfc3c0b4c4286da983bc7c682f1af4564a97

SHA256
ca61cd66fe9ac960e806d546245695eb6c8aba7753abbe29c8b48cb5fc8b7d56

SHA512
4c402251b5da1a4d8f7533616dacbfc5ec2a522361e6dad8652d85926a4e4f2bb5397f37ea86ce6ed715e39e5f754f8ddcd5431419289e33727ad9bd1dd2243d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit