hxxps://deangelisltd-my[.]sharepoint[.]com/[:]u[:]/p/kayel/ESpuAIv4Ow1At6uXh3Ta4lIBCQrTCWKyyIeq8QeXYpOGCw?e=CCYGCP

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://deangelisltd-my.sharepoint.com/:u:/p/kayel/ESpuAIv4Ow1At6uXh3Ta4lIBCQrTCWKyyIeq8QeXYpOGCw?e=CCYGCP

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
4236	msedge.exe
4236	msedge.exe
3488	identity_helper.exe
3488	identity_helper.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 4936	4236	msedge.exe	83
PID 4236 wrote to memory of 4936	4236	msedge.exe	83
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 3692	4236	msedge.exe	84
PID 4236 wrote to memory of 2596	4236	msedge.exe	85
PID 4236 wrote to memory of 2596	4236	msedge.exe	85
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86
PID 4236 wrote to memory of 1224	4236	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://deangelisltd-my.sharepoint.com/:u:/p/kayel/ESpuAIv4Ow1At6uXh3Ta4lIBCQrTCWKyyIeq8QeXYpOGCw?e=CCYGCP
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff276546f8,0x7fff27654708,0x7fff27654718
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,5397371793756214242,4538666999794042546,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
17ecb801faade4e2936901a455592d56

SHA1
88b0b499ae2c006e43ae02c632be630f5e95e5f0

SHA256
345c1c2ed0383ec1027b534a7bb93cbd9266dfdd408ba6fa7aacbc2c5dacdf5f

SHA512
e22c2c7c83f35fdac5236552586f41e30b505a376d71fc2d84f14d1561c88de85d9401417700ec27ebe6c6a80cd363da253251e5d51f5a938762c8c4243d2af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
3d1fa00bbbf98b407c3df9c8898f5e87

SHA1
0ed00b048dfae4359472ae8c3f9d92b177ca08ad

SHA256
c9afbfc7ab57b594889f505c411afcf43f83caa47df27487a1d6c8e8fe0f2d4b

SHA512
2510fcba6a95cccf0559faba95db367f88e65e18c2f67649a492ca59e3f40b28109533e6e09df9016f1666c8ca74f54e7f19bad21b4a7f23f16529f8a549a32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
00cdf646bb1f5065b7ab719351251d0c

SHA1
2b1c084dd8b378cd0a2d11617422e025f7d2518e

SHA256
d93c638a6fd5cf02bf151bd268fa4db066beea815cef4ab8595527ed63546aa7

SHA512
0820a8d5dc63cb3647872517ebd24ec0af11d5f523ad5ca2c96fb6cb3b4fa07b33a5d75c3d6f21df4b67c6e0929e648bf1df5d17c425e80785f617f09669366d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6d825ca0a5ca7d64530147aab1a4ba6d

SHA1
6d3067d1602b28d0af215adb5df2584d9a0370fd

SHA256
7036d41c6eebc9bd23a868ac18049ed387b99203e014e5e4b5adfb0fa274c7c6

SHA512
355ac68220447c73ebc485562884ea587f054c7774bb2429a5d117b2a5cacd964b615755da884143da6ce5f15af6ffff662bda146c08671c6e4e58b573ea4e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c91c3d8999f7604595132173c400cac

SHA1
4795909983440476ec35f2eb4201c91c70acd9ce

SHA256
bab6d30880e42c662db33e4ef30cbb523565e871c4886bcf9d0c9ce0a80c2a09

SHA512
602abea7118b861b2a8f81c7313088647c86d0e55cc719b893351cb83d90fa4e9500ff1f2ce2cae57b075833674b92390e38030094ae4ecf4616186ba3151aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
335719e5d0127493b3046ba816cd2e2b

SHA1
f96a410d4251ce34f0e89988afaa0cfd17d621e8

SHA256
df9e3e940327faedb69aa1e2e3d16d8916992cfd1c5831c69c9b2694bd85d613

SHA512
1d7ce78729ab7bc786851e65aa53bc7bb62961273be7e508af6ba76669c1d4464595016cd0b65e1bf596801dff5492762000dd83adfdc8e2ea8abb806af73141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91b5ebab7084d66fbe3a2ef3f4775857

SHA1
3916fd814c23dae4e222127fb6abe5bbc3a13a6c

SHA256
d5d200966daf6927544d8034e56c125c0b71e7a8fddb94d3507cfa8af309b87d

SHA512
5572a72c09b06e4303d095aa80a74dc5a17babe62efac9c6caeeb776cd9d8f2b769651502832584a5574343fe8b6f58ef017eef532fd3727ff6cb8302dcb60a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b67f898a227fff9135c2566a2d27c74

SHA1
f7707bdbf4c239304339d0fae252c6f903d2297b

SHA256
ef6b1c6957fa3e20a28bbe73f728da7421bda02add823db7451dc5cf719a5287

SHA512
0bec2deb34f7d16d075a54eccc459594ef26085f455039388639ae033db6035a695aed50c40b9397f1af3cb7e7f8b38af56aae10e331f136788a3db984ac319a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
83fb297bd53ffbce38a284b8644ba91e

SHA1
9b48d6f4a66bc2dce0ef42ddaa2a7cf155f424dd

SHA256
e905d7ade67558a12fafd53fde9deee32a22ff12a0a3011515b5c94cf3e04f2a

SHA512
63c45da57b6d5e657e18db26441d74128e891982db7f9bc26e786ddf5ac5f9aba026354dbf5f2acc36d757f2934400678f9ec63a63fc70943a68cb0d57eedf30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3b45f0d550126c7b77e4a2f744d39502

SHA1
e1a4fa3225cf7d1ba851c4dc641e83467591888b

SHA256
2a8f02ca8a3634a8284ca08660cea0702491cdb65e729b72098371dc6f84c65b

SHA512
f1d0b8ec217b27740f5fabea9d471460f99e9ee1615e8fa3e3400c0b505a70a1e91a581da65f4686729f52345d4a5a14f69887015d923709713b9de944a56079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b6fd5abb2cafff94b0d47932d0fd1a05

SHA1
168532d5b13850328482d5232bde11b0b4edface

SHA256
bccb86e851052f51f51e3dfd8fefd5cbd9cd73c32e5546084d108225ced781cb

SHA512
44d0b766b7746a50c7f4a82c069dff4c7af97491f323bba717af53e71cd68203f53b0e88d21c603895c04193dc5bc3d73ec6c3017786d64b6caa8749d89fea6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
abade6de5d1122ce291f4284fe250830

SHA1
34662ee6881c077d77cc2462a09121294807f06e

SHA256
86926b08f44e5b1dda1dacdd75bc4e4b609ce17bc996f7421da5107bb92b7add

SHA512
9b81e89be9f62ec4c26446d56b26f62b48f76535d8d2c390d4854c991ac593baecab7f7480ef5ea7cf33b9c386710416584e7dd44092a1c6d654649d3a2fbf5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c89507b973d860b0e530e0134f773b2f

SHA1
c7f8cc611b2ddf35cba62d7ad97bc1d5ec4d4127

SHA256
fce07d69377cf9b6b4aca2cdaf2c9bd052fe9cd4c1ed38af188dfbf7db6a141a

SHA512
d675808c5903b94342b3b62bbfe2671b672fed5e9f05a0e61664b149a8eba89f30519c374b60dcf3a57fd3047b451cf2615d3c2744a430d862e54fc99167991c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
97796ce2abcb450361b9791e017195be

SHA1
9af5fbadf59faa70407218a118ad958e1cb0df4f

SHA256
c07e18863021fbcdf044188182107afd30c7450f54f9f30a24c178cf7089ea67

SHA512
3eac9c47d85000aaac6d1c931ee30fc7abbf4d4724601af7f0261ce4a6b36899ca438a56f5ce2bc053c9e6bee17ccc4da137946e38d1fe7835eee4563d339c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
04fbefcf0ba98df5787624fe206908f0

SHA1
5afc81813365ff7d911de5066baa7948800478fa

SHA256
19157cb0f9ccd5dfce48eaadbd601f4f1b66897afbc1e001f56997761e10fb29

SHA512
aefc5bfb8fcacd830437a11634b26415a2cb3f8912c5b750bdce5c839a3a032a49a66bae59be8fea08fd002aae4ca9ed13802550ca97ae179e13b8a87ecbc6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
734082a4674c52aec2b9e47228137592

SHA1
73fea9c6ce1b37f77672a8917ce0ab9574d3e8ed

SHA256
0f89d65b97d7ddb531bf3ca66964a8fb6fe6ec3b0b912627e30c3623e061b430

SHA512
7018572bd7ce767ed5eb4d5a2ffa64d7ddcc56fe5a3d2e88a1d2f351b199c0e283666781eb4c4ddf3f094ee38774ab46b5ee872953d5c85009d0c4eefd768870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
addc288d833a08efa11c5143d31d77c0

SHA1
3ba022235194e88dae9a58f0f5247bd88faf19ec

SHA256
9c4a1681e8490db4394c0a65ecac17b97228372e2273bb2fc426891b0dd59ef4

SHA512
913299a1c929036f83c1a422dde4cd3895ded3a2b809b4e16fe2ddd7a41413214f52b42964e1f733c9c21b64e4f313baa9fd0c07dfcea528d0461f74be5bba3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c11.TMP

Filesize
1KB

MD5
3bd63ad282c3e85e7ecd0a131a840fab

SHA1
8c2dd5d5350b7ba191de9beecd0a023cb1f9440d

SHA256
4cf280191ec1c878864c0cbd3df67c56e017e6bc845dde1fc7a9fdce4cace620

SHA512
1d52d375052ffadf02e31e08eda9e142f7095adb382d52d9a6c96a7ae334a4db342e4e5ab422074f2b89ebafc1dc9e8fc6852937b933c6cc402fdc169299fd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d4b66f55e347bbc4839e28db16f79ed2

SHA1
52b79bdc38610c44ee7c9383d76892e4a77ef966

SHA256
3ecf5f3cdcc6e99d3993aa86f80d689eb2dc1f1d3f0cb756a4f2c4e8da0a094d

SHA512
f0d9a7855dd7c9e20106d410a71ec327b916f23d412b4af73a5f89009c0c473b4d90a1e6612c8898f11fd40fba2ae9f840f5ef43fa7e8f95bcec61009fc54db3

Download Submit