hxxps://toffeeshare[.]com/c/2xTUvMIBSH

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16/01/2025, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://toffeeshare.com/c/2xTUvMIBSH

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
1844	msedge.exe
1844	msedge.exe
2340	identity_helper.exe
2340	identity_helper.exe
408	msedge.exe
408	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 3124	1844	msedge.exe	82
PID 1844 wrote to memory of 3124	1844	msedge.exe	82
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 956	1844	msedge.exe	83
PID 1844 wrote to memory of 4184	1844	msedge.exe	84
PID 1844 wrote to memory of 4184	1844	msedge.exe	84
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85
PID 1844 wrote to memory of 4324	1844	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://toffeeshare.com/c/2xTUvMIBSH
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1a8146f8,0x7ffa1a814708,0x7ffa1a814718
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=180 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9740551306683789431,17991317324265658251,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
ad62c7a2ef6537511ba6374a54ad5b8e

SHA1
0d5d25e38aef6359a964f96f356a6f4d81e2340d

SHA256
89f45bc4351983c59ac75afe05404291b88f08a740611f9be59b80e9c7e1cd8e

SHA512
6ef4c1db86fe91969770b70f45fbac22b5dc77140db7a0692a29551cb0d85c989ef9ffb5c67cca7b0cb45ba31200e78d26ea422bb5770dec9d3461a4cfa8be5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
9dc6107997fdd1e98d7f8bbea03569f5

SHA1
74988dd4602daacb3d9e97de9d6639a9036a9646

SHA256
27406aaf58f8504061c05f341da3fabbed5b734374bb4b1a89648763f75b9e4a

SHA512
ec77249e767052f49a4466598f18436765fc1882f060a2b2e6efefd0be47a0eeae52642067d96036eb89b73c7213d17da58f0b47223d43d8704577fdc476dfa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7ae7f7ac3ac7b6ef9e0008b4753488c6

SHA1
76be213a3e309ea14b399e026b98d6568fde4123

SHA256
913e66dbb6326844b8705ebdf1d306101d6335e923768ffc1dc178c1c3829a2f

SHA512
3d072aedaa490651c9c5644aa507363292757259b9d0313088cb1219c11552e9b85602af5c1dcf4b494c7d32825bbf96062101ccb5dad3621ae4a0257db4a011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
566bdd48a7205591b8bc5ef7fe8c1daf

SHA1
9229e599c75d6c011807c27150f340a6dd78cab1

SHA256
6f6b2dea26ac515b8775cfee1a2a76d773a36e1233e91e31c0e29e07860741be

SHA512
d71e7f725df5aa194870dc10631f62e590b0515ab6d0124b6bb3f775cb887f2ffceffbb8ee156c3dae93ba553094aa7adcc103eaa8074df4edbb3c0f9240f76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
903fbfe676b22c21ab78d09b350538d5

SHA1
36edc6e9a1ba9fcf44481a256d4053630aa2e11b

SHA256
75e80b4d633fadc1ae4206bb9359750ec525cf1621ba1f51aa144afa54ec1d71

SHA512
0ecde156f57961b8ab7a87a9629a81ad5452051f50e2ee3c899ec42f719038b87a76289797daceae07b17d33f1f1186b5bbedb8bac19af5c493cfa0dec560aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa21de4ac359b190140495a289d55d28

SHA1
a57d8561fa3857dc09147a32f2c9b0b55c15eeef

SHA256
8c5b146d3d4b720f06cbc96d4a5af6ee34061d0a140e7e995126437f08b9caf6

SHA512
03b2da00d95f3ad0981d90fc620b220234e9958646a8fff1a21bd9a32f19419ae0efe7648dc6f54d6a37b284f47afbec4595c1e542df66580d06965d1e405f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b0669dd226c97feb634239662e097ae

SHA1
e3f41954bf9a2e6d3bcd0500c156994e71861041

SHA256
832d96e1689bd3a94eb7a861ba6b73068082279e3e7f6d4dbd24db6e3cabefde

SHA512
c72647fc0f48cc81bcfcccc31e532f4db2c165827a5a43a1ab7486600d561ad4e3ed85847295b89f66b139a560c894c1fdbb12154d9fca6b4e06ed67d3c7ebcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
617162f8ce13c6e75a9fb064bca95c5a

SHA1
ba6eac8914417052a2254b8af0008f5d54aad6c9

SHA256
e33182ce7bfdf36b800c9f80d7f7623ccb72994a858f0c48f81d664bf5898ae3

SHA512
64478ae6ac09748effdd42846614632c7f23a31f3422f72af44ae3255f8085fe83f6a1f267b9cf910c35d47918725786c64435a87ce5bc40660e26a1dfe9a45d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583524.TMP

Filesize
48B

MD5
6487492a706f4acf54424f839dba804e

SHA1
45636e55d66554f11979e6aab6def0b326cb7b1f

SHA256
5fd556ad3cda37df366ae3522e5ecf54a3ce64990feb5090ee51bf3cb6355470

SHA512
bc4867cd6d558b3cadd013f962237948ec038e992ff0973235d406a4a93512d9b4793a04ccfab1b8b4c4393b480707337cd7aab546802fa1368aafd3164ae540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
b4cf0eaf45c25cba19c4575ab0678c21

SHA1
c0c70af6729f8bc82371a4feee71773bf02a9f1d

SHA256
0953229734f95696f1cd945867c996468070804a065304fcd5032466ace2fac0

SHA512
a642240891dff31cb23e7ab4c427ba155f64724b13df281197beddd8259cd9d433caacb19163e7908738b05d964ace3f380f752ab0cbd4e0a595b04ff09bd532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
8352bc6e7096b8fa37d47b38126308aa

SHA1
bba28dd132679582eba57fc4fa24093b7f25b3c3

SHA256
0b23416cc8969477c617dd264c85448b2410c2fe289477fd21f7877e38e72cd8

SHA512
c30bc012ea6a3cf9a8697f944538a082cefe1aafbf7752746f4744d9750880be755d1f83b8e3445012900e649475f73390b4498982fee53e926bf8afc66c26b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
407d88ce28a83518df4652ee12f4e529

SHA1
29c0012be0d2e5ed49003b6ab35e6f62da17a04a

SHA256
b059616995cfa56ee4bf9774df9cc89ca21277d5e4db196c5aba62e969b59510

SHA512
5e4b17d415e36bb98418e5450f15bf5e6b542a48c477c117a4aabbea2ffc7b0d33436ae35003c6ba86274faebcfbf092f4cfef9b0594c858fa5e3f61ac34c1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585261.TMP

Filesize
371B

MD5
4ef9f768e8b210596641070675f2330d

SHA1
3c90b0f149d0698922ea2a2f4c1276b956ef194d

SHA256
8bafe7393c93803c57fc379e9d2fa701db5d75da7c78155f3c0e18eb47fa3bf4

SHA512
d5fccaa22a1047a205249f5f5f85b45bb2ab540ac5a8a0d64650ef959c2058b6d4997cfd6cc63085d1a9c90a4058f78c45c79f58c6e2c47521a2292f3e8f7185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9f41118c8159a64a449f54a6d4d6566a

SHA1
2161fc1e3608b3e24ec0be3e15441d8408bcb021

SHA256
128f0512e7b1f8a7a0f276f2b3cf528b5d73dd6d7cd228fffd47bff82a345d88

SHA512
bf1cb0f61d12a803a7b58d67b8a6ad0206e66c6b3de59f6d0343d93e4a3509067d2a47cfd4ce56c227554d020230ae9f1367bd6fca26c5e944ea1f8f9f1fa165

Download Submit