hxxps://roadmap7[.]github[.]io/policy-update-review-bdh6hg-keneii9-bb7exc5gwjvqSQRyvhsiq/#em9pbGEubW9yYUBhc2hmaWVsZG1lZGNvbW1zLmNvbQ==

Analysis

max time kernel
145s
max time network
145s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-12-2024 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roadmap7.github.io/policy-update-review-bdh6hg-keneii9-bb7exc5gwjvqSQRyvhsiq/#em9pbGEubW9yYUBhc2hmaWVsZG1lZGNvbW1zLmNvbQ==

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
14	api.ipify.org
22	ipapi.co
1	api.ipify.org
1	ipapi.co

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
3648	msedge.exe
3648	msedge.exe
1528	identity_helper.exe
1528	identity_helper.exe
2872	msedge.exe
2872	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 3732	3648	msedge.exe	77
PID 3648 wrote to memory of 3732	3648	msedge.exe	77
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 3988	3648	msedge.exe	78
PID 3648 wrote to memory of 5084	3648	msedge.exe	79
PID 3648 wrote to memory of 5084	3648	msedge.exe	79
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80
PID 3648 wrote to memory of 3924	3648	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://roadmap7.github.io/policy-update-review-bdh6hg-keneii9-bb7exc5gwjvqSQRyvhsiq/#em9pbGEubW9yYUBhc2hmaWVsZG1lZGNvbW1zLmNvbQ==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff801f33cb8,0x7ff801f33cc8,0x7ff801f33cd8
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4613683155970731425,10782865373382612214,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6184 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
a1cb83a9e1341fe451e802419afc7cb8

SHA1
538a440c1a55b4be2e28cfa208ceab6ff9ce030f

SHA256
b97268fe6df67ce6252988ed31d9e5260818c2a99ebc487cecee91f32b677f12

SHA512
8ea2ad80b506e95dc9352ca72432ed62bff392e557981a1932a5af0269ce4129217bab9207a70b9770eaf5e5aa1981ed83516a11fe03f347eef547b59173a294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
606B

MD5
35a8463c120105213e819f44028856e2

SHA1
107f6411edcb28359bf6f4dd0e471b90b5a068e6

SHA256
4d21d7bc0f2425753585a3a9fd48bf482313401fd1a4f0f56a8b084aacaf8dbd

SHA512
b61e4aa961e43ba7f65451b3577261f87350d113d4587c1ce8d58613250d89dc70f424912ef1b7e44275cf73f98436f8cd21d4539efeabd5f4b369ace2140a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
54dca1276238c1b8e7cac07468b5b3e9

SHA1
3ac3afe272208bca6a5496f2d00ae9e125d8021f

SHA256
88c0784c03919890f6beaf715061936df3d87183b91de85f507c45156a656cf9

SHA512
d000fabc1ea5c98a81ca5114c3fd0949c9347da6d7292dbc828bf044f13265e811a6bb54e8ad9ef968d355d59d3a93ca33ed0d8975a98981cdbc2d6e5de67962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fccb0faf3e9778f91c8ef1513cf1cac3

SHA1
ed8f56f0533a12ea00936a95e5fae5b994724217

SHA256
0d37619227ff2f82d00c78b876b1b4dfe3d3f3bf77d4b87718c6db699c28eae4

SHA512
737260797c2f788ff541afe4bd8497ffb72fa760ad315028fd86258e7908701110b6e90a8e35f4fffd636c20554ffd8428a71f831a815a3459985fa2170eb43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b185c227fba61b2256a5c18d67b079c4

SHA1
5056140b54f0a19fb889550121543f89ab5a6fa3

SHA256
c4cd7503df40706b2717d229f4c9e1a9e45ecbd46c51ab05d7af070ae3482642

SHA512
dec2539cac42aace0a09229cbcc56e994d2b46b75b159833fe5cbc9642c1155dd09f1f160542519ea26ca9b45b146782c9b1e29cfe2b45b633f0900b833b5dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71db86929ce00e8d5e93491e7f322390

SHA1
33f10c4f0d18e62eb222a8c436f6d08fd827bf6a

SHA256
c57835fd4fe666507ac07f3637e647e780369d0a2fc0cdb66eb97b9a019eedce

SHA512
2bd4f4fdef127562ea73c12aedd56b6339f759f725bafca7093b39be91554209ea0979a21fa8decbf135ea335356324717c8b30612b6cac89c65bccce5a0819b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32234d479051e254d5564357206845a1

SHA1
9cf440653d599c6867f76d2027426df4ff0be542

SHA256
69c7ae9d48012f45298d459d8e6042e75e6a9b15c70aaad95e482d7edd166b95

SHA512
86f84e72c1fae027f62a7f48a30b97157fafeb6715448de3074cd765e0bc928fd11f3401767a81fc5eb95528fa34b58f37457db1039c399e6ba2ba45ae315841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\89b8204b-060f-4dc5-b44f-14564bbda79c\index-dir\the-real-index

Filesize
18KB

MD5
b74236f42f029f76293228e31b89b40e

SHA1
f1cc21eca7be5bf4f58f89608004d27b4cad817e

SHA256
049ea021779a8e37bdb05fbaeab1e27384ad8ef07589d784012efcf8016af36b

SHA512
0fb72c3a499fc7d81a31c33de9b809d9eaf878d82e80dc4b0c5168e42650bb0811fb576c60e98400983b0a6d323af3400ac91e37be372057900724f947123ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\89b8204b-060f-4dc5-b44f-14564bbda79c\index-dir\the-real-index~RFe584179.TMP

Filesize
48B

MD5
993c53c83df82d51b32e1baf3c4045ea

SHA1
a5836f07a023a257420a037f9279910fce2b6ef5

SHA256
d8ef501852ce01d73920c1f9e997d21531642e32165fc743488b061ec939d735

SHA512
81a91760233030513f33bb37417e4f6e3cd7aaae345cd6d205f108b2c20dd3cc1e2990e6fc3259e676d3f1cc71afade52fb6e437d34ca429af7e94c1f5ec6117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
235B

MD5
6a5778ba3a8285ac2edcc0a315be8b97

SHA1
385a7ba61bc22157d410e062475df013d7f242d0

SHA256
8af5f2324e885d2da164a93290846600e01ce5406c19f08d857f46fac563769b

SHA512
3ed655a050fe9958f5c60955e531cbd693c408beaf1c09eb20f3b2762c3260bba5f4a85b62a2a454ec97c25f81580719272e3da587f4ddffcfc35c5862f4bad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt.tmp

Filesize
231B

MD5
d887ebd211fdccdcf4ace45cd35e048d

SHA1
682aff2970f0081f152b6a85f46fe47bdcac53c6

SHA256
74991b5da1b7fff0993e4317e7462e9ed59fa1538d80a029dfd7c66f4371f0f4

SHA512
90f62ced4361e3816a16d328ecbe2cdace7b37e3bfe2482b07de94c5111788db3511d0054f6bf20b2cba335e19d02b7a2b631b0bf7627fa62f60dd4bc996974b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
a51e567f085189b0a791678254660516

SHA1
b5ad4b8d05e55220524fc27983708b7afb1c02ae

SHA256
fea3c77815b06d18d338dee22687cfd7bdec08c7cd05106eccdc13e352be56ae

SHA512
f4dd39aa6274e7f307b1e6dd2c0265b78a44f647033e36079d594fd709b8e75e3bfc50c8e586d53aba915aeee2c52807ba39988a35b222c800489d0ea70b012d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fd1d.TMP

Filesize
48B

MD5
f79cb8001b987670c35551e0e0f4fa17

SHA1
5e3380aec999b0044cd915fe387da33f177a684d

SHA256
771d4641524e6f64aaecb0bf7d006cbc2b2550b757310634883089952c472ef2

SHA512
1fb6200736bd80c1cc026e4ea0ec18e6ce4b6c2e48a25594772d31671578a265ef6007da60f05bff6f59efe8e7967513e4d1ccaeda703e5a6e618f9e8e96185b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5182ec7fe074a394f333954481420f0

SHA1
dd8d1580475024f679dcf27dba6c73ee99904e74

SHA256
f7be748c497976f6af72feb77d0a710ee49395c5eaa73278be66ebc28acbb736

SHA512
6f2a1041f5bd50f3a0ef25426518a579fc1dce4456d27a506477fb664ee5a0ffbedb746ed56fa367199aa9d2f88705afb3d10ff8435e03b4b2d1d8572c9aee1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f33f7351dff3cb34d5b8f589b32a4c3

SHA1
1ff87cd6d860a1baaffeace7695108aa9e6ec99c

SHA256
bc1ffd30a6d3de93a34009928ac7de5d315d8265afb4aadfab237e18b462bfc3

SHA512
780b1bbc75ede10021fc68a16deaea4180f595d9237b290ab0b30a80c7b96a38867b8efd9041bf5ce342c983c4a4d9eadab74f4c9764086722b79520ea2c3d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d4d4.TMP

Filesize
1KB

MD5
dc771d4dad639e1f65266ec416f4e489

SHA1
3e69051a665ea214114981225ae259abfdfaae5e

SHA256
cab3f185789eaaa732d66ce3dba1eef2b976dcf9f6efac30117c51478dc51788

SHA512
db7cdeacb0789e7e59ce983c80fc53f3457f2b75c7aa05e4374afda18855e30e294f2ecd3d018e92e7c825fe238a1a07f1d33bb11c15d9ce7814eb21b73cc050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d73d912e523fc6c15f7917aeaf6da09a

SHA1
15306413c6e1828b5c25046ea47cb132768f081e

SHA256
0f875e2a864f8ef6b4d085b6b66cf1a07bf249e1ff117608d03e6e2dbfb2f6ae

SHA512
ebf8576a78ecee4cc6bf1e437bb8062ffb34b16a55762577853446fd0a2be3f4aad34b839d1d83e63095e897ad1614f7d183080b0025173600d4254ba623b52f

Download Submit