hxxps://account[.]microsoft[.]com/activity

Analysis

max time kernel
76s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://account.microsoft.com/activity

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

1208 msedge.exe
1208 msedge.exe
1852 msedge.exe
1852 msedge.exe
3504 identity_helper.exe
3504 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1852 msedge.exe
1852 msedge.exe
1852 msedge.exe
1852 msedge.exe
1852 msedge.exe
1852 msedge.exe
1852 msedge.exe
1852 msedge.exe

pid	process
1208	msedge.exe
1208	msedge.exe
1852	msedge.exe
1852	msedge.exe
3504	identity_helper.exe
3504	identity_helper.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1852 wrote to memory of 980	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 980	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 860	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 1208	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 1208	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe
PID 1852 wrote to memory of 2976	1852	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://account.microsoft.com/activity
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
2⤵
PID:980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
2⤵
PID:860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
2⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
2⤵
PID:1840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
2⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:1508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15018694980735212455,995544350565318245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
2⤵
PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
22bb6af63c7710354ac7070e45ac988c

SHA1
34d29d6b316e39ed8fb8c5efb42c4269040fcf1f

SHA256
1a70d5d3dfc04e6f5cfec1ceb06676039229f895f30007fdb55b043ed48ab4fb

SHA512
42c12820b5237caa5b4d5149901f84db6619a69e85cb869df06e07b3cad1b51e0c2d0545ee0129cbc8e7947fd8c2989def537ad2d58a1d5bf2c2a1bf60041ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
62677bdc196e22a7b4c8a595efb130cd

SHA1
bd2adf18caf764c8f034c08b6269d9693875f3c8

SHA256
b540616d7e73ff22642f4fbe2bea0f9daa2f1166391e76cf817b2a93e0bd41d6

SHA512
d23c3b9662eea6a75382242fb8e8084abc1127afbd2632f161df71a2aefaf223621511e1bf6229cf7e86313101a8d9dfe2f20e1c0bd481066e1969cd6fa75e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\192083b7-9e5b-4c0d-9e6a-83b9178db9ad.tmp
Filesize
6KB

MD5
4dfbe0f858f324eeadeb75e6fe7feeca

SHA1
3958b26e82db8ef2e99fae200fcec1382ec183aa

SHA256
dbcceaba1eee17347de33d439336e84ea366c970af3d7af59cda93e418be43fb

SHA512
fe41fd25b77af3b3e79211fd84b35d1fec168dbdf6b03607431852760a7ecf9b2b181d0b572d3cc635ecdf104d55ee99ef515c9fc8f1136fd2f6f3936f3811ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
0a047c5587163afb6b207d79ad0711d9

SHA1
1dc4da3d199c3d322a3f1dca87c0486cf951a1f4

SHA256
a7e57fe870d0acb4049962f7252ae8d8b9323f45cf26b6ea481341d8ac642b7a

SHA512
bffed3caadf3aa53f3af1fb890bcdfe52a33708e8f8e8555ea0d866b99363de2a85a3c4a34e2fefbf8779667d67a293b5151277a4bc65980dc035101a4f52b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
4f5307861ce7e82d741fdf4687972569

SHA1
6156cf6584556c18c8d7832d152fa7c8e2fa9e5d

SHA256
7c1424030565f849894c19ed07584fc5ea17837356384db6e7fb50f29bf94bf4

SHA512
9689aba2e1eb272bf9c2abeeed886e38efffed1838941db1ac8a98a4fd6ec467fe2ca3ce31873b533f403a7c230722cd0298530bc6d53fc9fc6b2ade7e80fe2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
500B

MD5
b3ad98b6cbc9f17373a887ff0c75adac

SHA1
de0ab813cac887f739156d192dcb0f1ff24a548d

SHA256
f0a0b640ae185cbf581581fe92b78223f1b779f0a542a67c07819d2cd001c9f9

SHA512
03aeddae01a005487f1003effd6a4030647a083e252c9152d1784456dd839037cb25ae73d0b39b03a71a88f8b4c289e4d53cd162ee5b7123d2902d91400d06e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d2b5d956078dcd3d5d7508cd4e1ceddc

SHA1
632dab78b6d6c85f162c4d5b4cbc5406aa7b492c

SHA256
7fc9eeabd58604a7d608fc9539baaa4e469cdb2fb685ba8ae8f686d60f20c821

SHA512
80cfec95f90d8570ee4bbf6b7a32cd37eeceb96d0ff1810b761800fabfc30d63b019ffc3cd2ca3d9a8c62da427a4be12e6ad76b6c2d98c3d6b79002fc4acec75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3c5a19157cbabba821361a5300bb3723

SHA1
d6cccfb3fa16ac0526aac453e05afe7ccc7b2696

SHA256
0412c564f9c89abd942c98972a647ca8f9a39493513c1e5b2b3c6b6f0e655617

SHA512
fefde49be85b8de79658f210a1631ba5da218ac78e4d250beaef35cbd2be3f7c4f673cb8fe2fedb73b0d43706fe0306cda5ffe0daa66c4b3125ff120ac0434ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
22aea0b420bf5d7dbf46cb103dc251b7

SHA1
26709117ae1dfd36f560600ada9b5b3dbf4042dc

SHA256
139b03ff124eea95c778064dd7f14be9ab3a2c9a7b7b3df2cc03bf5a09708bf2

SHA512
fd9b38141a55de5b901279c173ff209c7e8b8e0433516dc9b7ccaada888f1d7d492993b7b19414948a088f0a4b97a58666a4f6e0ca43e72f58211b115202fb3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
874B

MD5
c8c2793da6197186eaddf2c4fc4ee6ef

SHA1
1e431fd6d0f1d12c44754572150dc608e9656f46

SHA256
5df1daa20e20484aebb962e81572ff62b2e54c163efaef5d9fb8c28ceef95b5c

SHA512
5b9ae19087c4f3536dc3668465b18cd510c8c24acf78980980618fe8e6eb9d85353bb8ea64dbdc6ca6645f9fb48b8e7e60d5ea42a0b14293717a0944e7af166f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
874B

MD5
d80bbb841d8a499c190cd7b38bfad562

SHA1
096f4b0f6ff82977c8051212c81013976da5dc7c

SHA256
7984db30862ef22cb825f81ed404105f73ca178e16cdedf9fb63ae2947842e88

SHA512
f8773246516eba8dd89c05591d5956e74da638532bdf238ef2b408dba831b3381aa43398213132be1d098bff1fbf115b0a992b1d102bf37f4366b32160f846e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd50.TMP
Filesize
707B

MD5
5dcd998470ec62739062841f394ef624

SHA1
3416f5821c8dc62cee0f08e95ff3414ea540f5af

SHA256
099096b11a520edd104331447abfac2e4fced73c1f818f8becee7bedc37a7d2a

SHA512
289cd489c21760be2aa14786c41aaa0753bee63840acde6caf1c10421663415ad6e68fb3f040dce2a9deab993eaf11ea0ae6edf60c34a457446e84d86bebe24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7c0a2388c6b240637c2556360bcf8def

SHA1
a2516185227aa28e13719da6fa2673c9a0240604

SHA256
1ab115cdade23d8e88de4c192accf69697c4d208347790374acd6eefaf98cfaa

SHA512
e00dac4ae9a616b90bed230498ff498c3c22743f7c49ef9b6671c87162eadee6dc3c944779d2541c0b557b15fb7eaf1a253d31db0ca3ccdbb30772d459bb3cbc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1852_SCVPWJFGZJNRHAER
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit