hxxps://outlook[.]office365[.]com/owa/Finance@macro-group[.]com/groupsubscription[.]ashx?realm=macro-group[.]com&source=WelcomeEmail&action=site

Analysis

max time kernel
145s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-12-2024 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://outlook.office365.com/owa/[email protected]/groupsubscription.ashx?realm=macro-group.com&source=WelcomeEmail&action=site

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
648	msedge.exe
648	msedge.exe
3388	identity_helper.exe
3388	identity_helper.exe
1668	msedge.exe
1668	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 1736	648	msedge.exe	77
PID 648 wrote to memory of 1736	648	msedge.exe	77
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4824	648	msedge.exe	78
PID 648 wrote to memory of 4424	648	msedge.exe	79
PID 648 wrote to memory of 4424	648	msedge.exe	79
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80
PID 648 wrote to memory of 704	648	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://outlook.office365.com/owa/[email protected]/groupsubscription.ashx?realm=macro-group.com&source=WelcomeEmail&action=site
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe8bbb3cb8,0x7ffe8bbb3cc8,0x7ffe8bbb3cd8
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,9685157780415241960,14865059627118326096,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
6dc93504019469a092a99e9d4d0306b1

SHA1
d7a4e9c3f10c34e50d23901c77a4b3376db2a033

SHA256
afee0d71db56446a16845c362848997a1bf9a221d0b38b364511cc0c6866c3d2

SHA512
3751c1ed544c114765bb21deb28fcd144735275fbfa0b36e701b0999ae2369e6339229a70981650c83770ae2c73a29a075e587a0c39a838e393ca1158f23f367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
28bdd0c2189191c7214b4c9be4d885ad

SHA1
4357c7cd73646a22488b4eb9aa2f8a6974dafec6

SHA256
5f55e3dca3ab5690dce7230030f0041f82ddffb5a887ec721b648fffe49d67cc

SHA512
f47a6f8f284260112b564dea02a9ba048f7689145ee18e2f1adc58181b70b8870a0ec27ace3314c65ce326a3a92f2623010d72f3ec0e136aaced40fe3034a0d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3a5c62625eb100810e3ab901e8536bba

SHA1
d927fe80004974fd5941d08174a3e86e5daf63f1

SHA256
4cbf8f59fe8fac7f33db1798496314572040a9f303e1e7f5d7edd1713980aa76

SHA512
62da195917c594ea7bcf1782c7f1ee867cedeb12caff7daa9ef711907e82d3dd33121eb47b85c7fcccd83d7beed4479d932806395572007290fb38b2099c81de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5d5869512f49f107d67aec3ceeacd20

SHA1
e487b8d03a1e316dba4e18c793c92d65ffaea560

SHA256
f9804a685fca5a5117e3919b53e6f252e32cbdac8ccfca925c869a57577e7772

SHA512
b5e343d2a458ca71e5ef2f234cabf70b9c5fcff3ddae2a43562eaf21a6479596b74f517ee285d17f058f5c424784569667551e712526a255d77476f04ee790f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c54b9e613accb7d3e67edc2f8ab6dfe

SHA1
b33cf81d2664506e457ddcb485306e16b0d9b060

SHA256
2f8c7f068433d3203e7f21b38681c3f9ee016a809fd836ac834d9e12111686e2

SHA512
2eabb30cee618936ab3a31fd05cf47290427323ed94b35e296d1ce73ee8ffc6ccf9cef829c06575dd8c1ac89e263cbbdfb619ad35414b01f6a9f37623276acc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9798f19810d150c358b8ee97618db2d

SHA1
ab05fa502daa1224a6a471d5655c20ac83a9b477

SHA256
0628a75a4b88a11a0d12a66e21f51227bb8e36f05d7ae7acadf4817119d7b60f

SHA512
ef61c8077a1786b1f8ab39af85c8aff4d071f91d581add96995a7ee575982c17419cd790d2381b17683d4508055d7d14c04915d51703a608699dc56f9d74f94d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13e9e2ac4efe4c1a419126910436bcd2

SHA1
4475bd852df40dd4185c36bf0fafebe9bcc72dc5

SHA256
ed22ab954564f67934ceda84ed56fad8affc39bddce16a9442f420be2bf4d0cd

SHA512
96482fdbd956a908db75e35b564980886708e4102f720beb361d6a8a4fc6bfd45f91b605f9d033f02cf3d5c784a998e3267fd99d5ea3f3d563096446b9b8969d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb5d1e544cc121ce3b5cff06010fffeb

SHA1
2b145ffc5723baa22e1213e9e4be4663665f0b28

SHA256
b876081418f0c937ed067ced405d4c6b9b2387b1638f950a91d23fdbcc9425e5

SHA512
b9c21a2f87c69e12e6b7cef523be11d3d7595d40ce4a483e1544ae9ed72d8bec617b74077f0ca49792397ea3572b846764cc7d90b63b3218c5dc073fd29521a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
330cb2eb9d81cf0d0b350c63e2069809

SHA1
1681a5edae35568e226d5d97997c87f2f2b0e528

SHA256
79c3d37b2c878170b76702445a39735309a3775ffdf09edb4f34156a69dce363

SHA512
7a73e8e14b79beeec5086aa6868993598f7006c483c88d1c7127098168cee15e43a06839df7c978091ddb487114ae22449a88e30faeefc72a3afa777f9eb0eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583f75.TMP

Filesize
705B

MD5
b81082894f6d689703027e4048165f20

SHA1
51c180017f108230ed470a02614b2af64b8e67b6

SHA256
bf8c0855001af9e161abe90634a24b8f7e6c745b0db90107a1d217ec22f6c410

SHA512
e8cb2619ecf25cfee391cd4ea0a56b843a6b2af190fe1730e81d38792381bcf2323fa09eeac79c049653c8c6d6c39027c46e4df467927fb2e2f62625c78dad69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b6adb119-a327-4039-9e68-f365f23e63d1.tmp

Filesize
1KB

MD5
586fe7a7f32efa0a035a24ca5e1d4063

SHA1
7fa55caa4c3b11a15aa95012a486ae5034d8d3bc

SHA256
a64464d35e6c4d18d4b66d18a1690c159f2310ec0ece1e979dc9fd7a9613f64d

SHA512
05a6733570adeee00e0c3ab4756683ec5e259376296ca75fa1fdcfcb4e2c599bc558ee518efa9c0c006c87758845dd617fa1a089c4bae477f620e3e6758defe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
33a8e635211fcd6ea3db7663bec6f02d

SHA1
5c3617e28c1ff8402af96df649a4db7fa904c726

SHA256
4f889e4ca6ba6dcfc8341fe89ca83d79e941ec8d8683958712011456e6e0389c

SHA512
2d116088a5f5e72dc27151343ef0f6ca2a80074669f7ab273e740a0ad3076229668d2c3038d7e0d997b25e93712dc14ce7a729e9f44f0a95491708bd0895ccf3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit