hxxps://office[.]oooooooooooooooodestop[.]com/VOHSyMKx#lmdiazmosat[.]gob[.]gt

Analysis

max time kernel
97s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://office.oooooooooooooooodestop.com/VOHSyMKx#lmdiazmosat.gob.gt

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected phishing page
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
1788	msedge.exe
1788	msedge.exe
5088	identity_helper.exe
5088	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 4792	1788	msedge.exe	82
PID 1788 wrote to memory of 4792	1788	msedge.exe	82
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 216	1788	msedge.exe	83
PID 1788 wrote to memory of 3376	1788	msedge.exe	84
PID 1788 wrote to memory of 3376	1788	msedge.exe	84
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85
PID 1788 wrote to memory of 4272	1788	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://office.oooooooooooooooodestop.com/VOHSyMKx#lmdiazmosat.gob.gt
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff998d246f8,0x7ff998d24708,0x7ff998d24718
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10441882248052129475,12701180143355655171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
45KB

MD5
2ca67d9f2114ab3aa3da598bfac6a255

SHA1
6c41c18db2b548dfc08b257c131f6172382ec903

SHA256
211233c953415e5c95b76381ef51adff252de3e068861ec64d2d992862d90043

SHA512
d61f7633437bf9b0bf89fb7e3427e4f643005455bb8dbbfd6208934f2a8189ada966c71bed9aafa5e4313a8597822a60782170d26eb044c5229f15183a641f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
32KB

MD5
2e287eb418940084b921590c6e672c9e

SHA1
1fc75a9daa054ef88aaea181f3a9b4cba2b6b6e1

SHA256
6c2c58daae76131a00d1bfee20852f372cf594be7f4a8848acc42f8bf72c1bbd

SHA512
a77f69571b0f04f4a2354d9e18e41ef86f22274eaed20c02215b632bfef09c6543a83591e9db3f2b4036a9684bff666eb6a7b253ba18893500e9cd541ab752a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
0f1500be48b12ee12e00c12857a72885

SHA1
d03997772004a2556d42df66638e3e43b6ae01a0

SHA256
99d220b3549b1356d95bc39c5f47eec57b1354d76f6300d468493dd8a518e970

SHA512
ba8c72ce983e737380546781eaef9b1961b8e5a03d43f310c5f79a78d7bbebe72d8e24f93298a3662032dd5e312b2f47708185eb3097fb1253f44e015bdb4062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
514B

MD5
399b6ef45ebdd0875f7c00f4b4461977

SHA1
e94b46a9c242bbdb7cc60477929d1c2fef9669b9

SHA256
c1d6ca25eb43d4e0a9162104b23938dd026772f51d3b91916283981f90164c9b

SHA512
27272fee280462fbb6db190a51d8c4b787a42ebc63c1e00e602999b2a5adfc13e12a6808c5c663b5de9c675086d67ce6ee42eb062ef372be9c782c740aec1942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dca10827dff04b7cb7cffa8da077358c

SHA1
0a4f6fa4b83373a935965c8e160259e49ced4239

SHA256
c15515b144898d6930dc0b305cd585ef3c2897afef8061a0a259c960e6e034b0

SHA512
2537e49f3f96899f0a79e9b869542f81568b4ff6ac5327bb18af3ed590651cabed7badf9f8e4dac9fa8890c29014ce52507c32d6cc73cb7db2533590fefb7363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
53d1fa5dc9b5849cea41f3c87f55f8a7

SHA1
f24cba423ad5227400e2df1c600ad987fcfc0adb

SHA256
3268d8e8cc6d58955106d8b4c6a1b4e1c0681fa495a1febdce206af9ac2fe826

SHA512
feb97f535866f6bb3947330977fd731af31ff2300a61f53315d244cbf8c11726523da13d7b2c86d77612f4fbe000c62650d6140cc4725763da967b66d5f221e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b892dec1ab96abd9d1fe6f029f890362

SHA1
2c2a1af9df8354b3efc02d1ed7eb1a3de6b50ede

SHA256
d12ab03b496a4e86e1faaa2a7bf79c0f82375cfce2f28f89a3021c8dfbcd1092

SHA512
e513eeae0515cf706ac6bf1d8d2935aa800001e64236806cf6df333e07e7348da65032af11962aae17b0b2cdfad61a7a3e3be91aa1e6cf5f47a31123eff91f0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
716fad1ea260022dd9c475c74cfc000b

SHA1
e707445ead7f6b2a0fd52ed343f65ac266231cfc

SHA256
b5042a76b0b4c16336008527558aec57e2ccd2a6d865db8b66b93018dd2ab84d

SHA512
09e0fe63fdcc00a848b9d124e268521c299d17cf4ba63bb43d871fe4a70027e8730b5b8517270c8521098da8d2a5c19b3d5ccfbd5c07e8e6261481bbb1ea32f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
564d692cd8fbf37abb537d38b1a0a045

SHA1
82ec0f589a206c58748897359d64a9d16a604930

SHA256
8a4075be12898bb343b9103cf2ba0d8a08d79cf0c0409c31a34c395ab34ef8a8

SHA512
50f41abb48fbabf5fd618f269239dbdbb3caeefcee4d2264cf246842f0c0aade0fd61ceb8d1ca3a4865ec8505c0159d39991f5e655ece655257e8cedb61c18c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ee23b6d5ddc4462e7a675707fe348f74

SHA1
b7354d282bb4c75835669c979cf33142e2f01828

SHA256
bc2730bac82e27cfc1468fea07cb1bcf89976b559023306691dbbbd1b2c5f005

SHA512
2a6b57993fa1e837e2d8517dfe5e54703a7160fa5fe78538ecfa254658301e3b8d5d0cd9339981a203621d63197f83cca67b9c89a723807896fc59063d1b9823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
4dffbdb4e2b4319b5b3cd6a82099d1b6

SHA1
0fabfc58ebd2727c481397ed0281a0a1f0f22eb3

SHA256
5b2c500165d1ee198ddc2379d478f0ea3855f1664aceecea6907fc1ea2ba7de3

SHA512
d3bfcb8e1cb74d9f962a2c3f6b65c4309e5c1784aaca8d9f522215273f0f74b4f6fe5f9b6e2961b50d01af0cc3da6c31e40f5bbe3749df3503ab68c2aa1b4e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
ac5813bbbe68d91e734c8960766acd78

SHA1
29917657a8789493a7695da1f7961c2f126ca3e9

SHA256
a22ce7c95a79ac5c4f72748919965fe3cda0eaf2e82ca45cc35bc14011e3caa9

SHA512
4994a97cdb0adcfe877db90a9dba5af4817b635f8119e40a33e7b407af2073525dff9e60f9dddd7a4e6bb610003f077255b1a807fd6a9a8bb881ce2dd7cb8599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
ba51487bd4559bfac72ba87b10acdee5

SHA1
99fe3b829f5bcf2b63a4ce7ef4e72b038e6f52e2

SHA256
ba975387e51cea99778708c9836e415e4766d4959010c9ed20347bea1a1a6bed

SHA512
420c53a87d594282d9a4afadd2751f99aaced342e2e8e9f60fbf73b8f2adccc7256899947463b0a8edd0bb90c8983f9e12244a389361b6b3b1057d0311dba23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7562541b7cd398080266e91ba4fc7ac4

SHA1
9fb17e724c366a3623c74523173bdf313f05fcf1

SHA256
eaba24c28ae7fb5f03edc8842581cde80b3bf11436f5d462b9158550862aa25c

SHA512
dc262b36cabf81209f3150ecc63874a4a335e5e69d88cef6e0b65f98801d87b2faff1d7e0a3fc06d0f70b6edad1325a5bfa4f0f56c14de8307e127aece6a0eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58367c.TMP

Filesize
204B

MD5
9e435a709d63fa30f822c1d39b4a3735

SHA1
48d349b159e8f69423725c9e1441abf2a9d43e28

SHA256
a6ef904e375c13c0884212d92ee7f39dfdb70505c642ff243487b0ed1d2f561c

SHA512
9719fe588ac89d05b44c950cf1944dced53599fa87d0f702620c4fbec80af6c009b1c889f7a20f411d612071a8055a8e60e05a4087f5bc341844f1c8e52c14b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8729e2927fce7bad2ea129e8b5b86af1

SHA1
379b05ba6a1ce479c9dde8156e26c2ca8d7169b3

SHA256
8a12d5e32b26ac9c4dd7bbef4468e2e03e59bae8bcd98aac90a8cb6dc2003cb0

SHA512
932b52e76570c88a11a41af3d57e188394cc228fa2a75ef06c34170b8cb3db3bab44c5381c2bfb36569d00ac187ac03092083d22279eb1fd31c02793467834e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit