hxxps://lp[.]constantcontactpages[.]com/cu/IxEzhHJ/review

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lp.constantcontactpages.com/cu/IxEzhHJ/review

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
1592	msedge.exe
1592	msedge.exe
1468	identity_helper.exe
1468	identity_helper.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 4252	1592	msedge.exe	82
PID 1592 wrote to memory of 4252	1592	msedge.exe	82
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 3396	1592	msedge.exe	83
PID 1592 wrote to memory of 2536	1592	msedge.exe	84
PID 1592 wrote to memory of 2536	1592	msedge.exe	84
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85
PID 1592 wrote to memory of 2228	1592	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://lp.constantcontactpages.com/cu/IxEzhHJ/review
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf1746f8,0x7ffdcf174708,0x7ffdcf174718
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9406714072700527739,13446171909206299559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
637335ee0e7dfaa9ac60d1c45b6b7803

SHA1
eb046178d240d993a1621a2091c6c069f0237833

SHA256
edf06a04a7de1055691038ae898716f280aaad4afcf26a88a0d4bf226ebb45d3

SHA512
8d1e11f6b7847ee3337eaa674c4b582399a63073c73e045fa432b8d42f00e35ab79a303c9dfbdca661b963cd3e9464a3dc779948173e0ab52db52e215bff8380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
2c505b8ab1cd643bb5051b16e63c9180

SHA1
8aaacff57d6cee4c4fe8c6c5ad1ddec77fb0a1c2

SHA256
f97e024529c0c9437fb3cd81a8d8bbdf9ad61254040a09bb2d86a37fab84ee1b

SHA512
d6514061ce8f5639651d191e43a65e9af280f8df95bb3fcae68769e83888a29bf91d01ad6b5926af14675455a91e3db9e0dadb902e38006fcdd7e9c1389f4df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
42447ec5ebe5ad43ce497118b84f7493

SHA1
5ae543c7e88322ba76c92224269dea92e6da861c

SHA256
d3d103b7b5627d572b4413dda76349ffd1683c7896d678363eb262027d48ba33

SHA512
1215086e76f4dd4a5ad337cc0780ea3aacb9f38f1eb37bdbf0cf66a639c1432a60bfe156f6452164bfb1256efe8809e7c9fb77e36d66e0db58ef5e1a90aef636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8a3932c872542ab7e82daf121bb6199

SHA1
e56018daccc14cbd78fd8f6937d8d360ea313015

SHA256
5a3f99511d15df01d9d6d6e038abeb062320b4af60ff37b90a41341763ac5879

SHA512
f73b3f0857e89a4d3905db6c72f04b31d250ad9bff764345b6dd2b1f1f263aca54d114f8d7b9c765a8100e8a0c8758da605d271e2b6f4a5b6b078048ac76a288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9588dea0ab2ba801448c6ba412718090

SHA1
75847600d9f86defc0788544790d68980784809c

SHA256
6c3ea4c68e6753679e6201daafaa205da4240b9dedc6d7812049df2f0c572f98

SHA512
490ef8293af3f172c0362d83b02267304e953119cb189aa1777537bbebf1bb20753ef3eeb5a35d30d2044a121307a5627f392964d9de47ef2d3453f6d12d5d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae5d7d54eb5b6f133bf79ad3fda2338b

SHA1
a76916354fde7773c2d76afaa58f7fc5671a1fbf

SHA256
36c5a352acba420b258f710132a748859ffcbbb4682cff90311d864dd18f776f

SHA512
0d6f0b4c29f42f7cf378d66204b4a428a2736dbeb01e407520a91dd9e5e28da334e2c5eb3f1fe37c027ed6bb715569150a8315dd01cae3b70009184a1f759a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a297b0bc00eb4f31fc0a62926d6a885c

SHA1
5af04e11a6b2173203d702890b3c9d181717da69

SHA256
d17c6d3bf26b66605e77b80d8eb2f808b04971e4372f3f79f1389690344421ad

SHA512
90de25649f576d065584a906c76804c9678d13a1817e90a3dccb3535c53f90415404d3f6f1946d7dfc1ccb4a4bed15f86fba1fba197e70a7703ee002a3c375fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
a1f5c1b020d683f8dd325d3a54c3d382

SHA1
f0213c82c0b60e7fd39156c50f42d38a9f6f5502

SHA256
ec426af25aadfeb707bf674e2cdef9fe56efacdf262af4ec5aaa629cb172f667

SHA512
bdc099d3c92f8ea53b2328a0b44e2b8e7e7da35f0f1c8ebd1bd71eb807db577086a2a11d23bcaac9432b54b4470dce802d7559a90d4c4f8e5715837f8c3725dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591f75.TMP

Filesize
705B

MD5
0bdc76c1f4533f03012d8b9345ea9cba

SHA1
12bd3591cb5cfeb19f8ae589eaad9c6e428a59ce

SHA256
d648a2f2619755c4f5262c06c5150186d03da897a3595c0f094ff0483b301779

SHA512
a2c8a6aad784e284d9613b3f3a136de726dfa32488df8193d35ac1fab79c46aa4443bc8e209dc9ddf03f0d18ed4197d6c99c0ba628dd0d0748690da05ca3957f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
867e65a6a5a35049f611550ee3daaf5b

SHA1
45dcdadbcc069ae6870b15560f7f7a8235ee0f23

SHA256
af62aceaaf44eae8b3d279fc502cf8cbdf2ac4ddca755d65f67b56a601794057

SHA512
100dab7fd181d21f75ba7f8320e55311e26990810e2b90d900593470ee02d0d848b3ac76b9d7cb311816cada35cd7f1fec05de29d62ff11475ee18fc65cde9b8

Download Submit