hxxps://outlook[.]office365[.]com/owa/?ItemID=AAkALgAAAAAAHYQDEapmEc2byACqAC%2FEWg0A2khPfYERXEawhkdSeXT4fwABeAywWQAA&exvsurl=1&viewmodel=ReadMessageItem&nativeOutlookCommand=openMessage

Analysis

max time kernel
95s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://outlook.office365.com/owa/?ItemID=AAkALgAAAAAAHYQDEapmEc2byACqAC%2FEWg0A2khPfYERXEawhkdSeXT4fwABeAywWQAA&exvsurl=1&viewmodel=ReadMessageItem&nativeOutlookCommand=openMessage

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

1172 msedge.exe
1172 msedge.exe
916 msedge.exe
916 msedge.exe
3660 identity_helper.exe
3660 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

916 msedge.exe
916 msedge.exe
916 msedge.exe
916 msedge.exe
916 msedge.exe
916 msedge.exe
916 msedge.exe
916 msedge.exe
916 msedge.exe

pid	process
1172	msedge.exe
1172	msedge.exe
916	msedge.exe
916	msedge.exe
3660	identity_helper.exe
3660	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 916 wrote to memory of 4532	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 4532	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1252	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1172	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 1172	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe
PID 916 wrote to memory of 5020	916	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://outlook.office365.com/owa/?ItemID=AAkALgAAAAAAHYQDEapmEc2byACqAC%2FEWg0A2khPfYERXEawhkdSeXT4fwABeAywWQAA&exvsurl=1&viewmodel=ReadMessageItem&nativeOutlookCommand=openMessage
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
2⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
2⤵
PID:1252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
2⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
2⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
2⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
2⤵
PID:1784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
2⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
2⤵
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
2⤵
PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
32KB

MD5
1e5b765b32c5f65973d835e9ee3ebf20

SHA1
2ae4b7b8e6303dbb2424730062c2fb1d752219b5

SHA256
d443b4a9f2542caad44e23d0d3917456e781bab47cd000cdab5a2aa571395379

SHA512
0ec798c3379d4724f5168a51e2bd8eba221f629ae41749b444cb1487b5b16a01e220857e181c710babd86c0201593aef9f8c21291f57bf14d5ebb72246958665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
4d7da190364ffdfe861060e0abdd4fb2

SHA1
d7c1b403a85c6460dba2f81f169b14bb583b992e

SHA256
bea77fa718fdcaed8ee07c289cbceea7c789d74d48bcc0125b4a76ecc55629a0

SHA512
bc5971ba583c8422cedb73fe095b56f801cf6081b633e0e819ccef27ada7f9351c0bea02fd853526ee1f9a74ad61e856e47dc928d19dfa3212e8333db441ab99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
362845362f83c5b8c0f593a61bfb5ddd

SHA1
196557b7c3e59b3f085f73e9ed1504d532006818

SHA256
0e06764d3c175d15bad8d4f207b848caa70a375821cd61df52ff7ea028fce883

SHA512
24db1aa324fd231019a7045285bfbd94d0475e38b3db39d9d7c1a76b54b235a5d6cae64b4760eefead7155e451085e710882beeecd1d4888e2d91d2d1470b95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
37dbf74308522ba9c1a535acce59096e

SHA1
1d8ca48fa630a0f6c79a0b3359f6c87c2bfae6f4

SHA256
84c3a4a42b05a2d4752a493a5975786470ebf795a0126bfe095b937e67534dba

SHA512
9b3d8fd206a0bd46225c3b80ea9c60b863f5f740df4244ccc54c305c7d9c0c12c7061286a6faef8b47fbf6136f44f45d33ecd806f85faefa555044d78023e5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
674275b4df17e53c51c0b2eba05b7061

SHA1
a7f7af5570767ec3f317620083566b49f80ddfde

SHA256
a4a1fef7825d1a6867c3cfdddd75c04ac7fbadb11fb43e39c6ccbb416f555781

SHA512
b27e82527a71f3f7aee77182311a1c0a981362880d74dc87adcdf71d6e0e40be432ca6991fe0aa835a5913c596f4308ac900d3679a36fa9a6727428a23856066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d13c64e836b69f8ba37dc2aa3a1e0836

SHA1
e426f4472caf59af882e137399daa8a84fc841ef

SHA256
07ba9a60914cca07969694bdf0bb6062f320e1bff07f4e58abd89b4ed69d3e88

SHA512
b9d2e696929182fc540ba0c6bcc5673119dbfaa29d16105745fa1020ebd2f3278f6d3e72ed435b56b16b7c5c8ec3fcbe7ce4ac624e14328753612a79d452aeb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a8469ef5f430f9a51535cee5bef9756c

SHA1
d830178ac63220e7ea7fae7f37e62d4cebed1257

SHA256
2a21a04ba1771848411ca5c3070a2bb20876b6b0e06bfd3649fd7e6028e62367

SHA512
20a99e4cbaabf2ac235bbf5b4aae91a0aa3c37012ec3898b18c51f65191ed8030bbb9a29d050928c517050ed10afcb1abd07dab2a379b5d5fb667410b736538e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8348c433de4b7fcf1ed5bd27d7756f14

SHA1
2dac2d72df002fc000cd0ecebfc42b07438208a0

SHA256
1984ef29398c5d4c973f476785407687ac00ef179473d2762de8b0822e917d6d

SHA512
f98c41dc4e5fc693b73fc5a334353d164ded6f4660f81e7ed5610892c31fdb6d1072b11f7c395d2aa455014152cd99c2eb7c93c0c09cdf540b35b3e2935bb57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b4e5c858e55fcad167ed5bcf9905898b

SHA1
72334667ccc1418b3ded3519a797cdb5ef73c037

SHA256
bfa4ddaf9e5cd11b60aa7a91f8c96be7f7a029084a1504c07fd03dc30925f428

SHA512
4ee93540f231fcbdd33402b4e6759e755c0c09468b1d9f25d0c48e79c14f945cdc4cd850a3cac2fa7eb06afa6f2dbf19f7ecf3a088c6d4418e88b08d39a7765a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
693d35677aa200251dba6732448e79f0

SHA1
021478576615a879a20214f07b3fbf1b60a7b34d

SHA256
2f3a76829fadf4a30154414fb6384fd0a2b52fe937e31925af7af0d4759fdbc4

SHA512
43a2e206253cd341ad33ef9e890e2ba3b6ee662f6fa083b2c528a41f3a22e9153d4bdd2c5385d6f2639a224cd4361fa1ce368077b5d270209cdf9cd929e2d062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
873B

MD5
6b45bb21fb510dcc5d91b524e64595d0

SHA1
71da89f936ce99bea1d8d2a9a6a97d7922e99393

SHA256
45bc20fb8b98f25e9c92b0c797fe798e0ca527d7d73a1e6c697e646880713030

SHA512
64ca156f85f69dd6f5d9b32994a66b473fd8323f678630b86e29a56e9e39ef704bf55d41fdb8fda31fb4969c40e60de11c402bffa55460e3086cf3a5525c1f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
871B

MD5
4f503016f016aeec6aa303436083013c

SHA1
121f0545aeabd5f848afebb81fed1e08592e1e63

SHA256
419115c4f00f232c98012d389ffe5da3009b9fa25033e711432b76319e6bc9e2

SHA512
2c6214674c039afe31c81cc9233a6d4cf20194c1cef30ea60893c2388324a0f9b1e87d66ced9e7b03ae9def7b6b7ff0064f47b9b7a95d92ba0506f9074aab99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b594.TMP
Filesize
705B

MD5
df06cbf7144f1d86873ec99d4b60a803

SHA1
9802051177c183612d3aaf61dd67e5d58bca11aa

SHA256
70ad26f59b4d93b44e72785a95faaad750242b09b21b21991e67702aa2f666d0

SHA512
2027325393b3a0eed54264899f6be82e29e9d056cf488df715b066334b4afa63d6b6b18a3e06f3888b742bc6f86f8881906aa520e6523002fac0a139145f2617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
f21ef2bc33c2fa0697d8ab594d25710b

SHA1
27ba4e9cd8f0f382d6f34aa0239a586611812eca

SHA256
4ad56bc1c45947fdfacee8c2a8dff47672d58382281ab28cf7e787a160749bc1

SHA512
82a3c8becee705ada730ee59738c66821f1d6f245624b7b2ee097bdb68a51b58edbda743e8cf720447d0c44357ededc62bae7c9bb892f6d5fa4549733ae68623

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_916_KIBKUNQQQFVNGMVU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit