hxxps://inbox[.]proofpoint[.]com/securemail/Main[.]html?tid=9c8fd139-6701-43fa-b2f0-c47b6e3f917a&mid=6f854db8-173e-467e-9c7c-a0eb9ac1b84f

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://inbox.proofpoint.com/securemail/Main.html?tid=9c8fd139-6701-43fa-b2f0-c47b6e3f917a&mid=6f854db8-173e-467e-9c7c-a0eb9ac1b84f

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4728	msedge.exe
4728	msedge.exe
3696	msedge.exe
3696	msedge.exe
920	identity_helper.exe
920	identity_helper.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

3696 msedge.exe
3696 msedge.exe
3696 msedge.exe
3696 msedge.exe
3696 msedge.exe
3696 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3696 wrote to memory of 3588	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 3588	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4788	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4728	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4728	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2608	3696	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://inbox.proofpoint.com/securemail/Main.html?tid=9c8fd139-6701-43fa-b2f0-c47b6e3f917a&mid=6f854db8-173e-467e-9c7c-a0eb9ac1b84f
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c2046f8,0x7ffa5c204708,0x7ffa5c204718
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14162621554460675757,7591696960362522262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
837030890fd3a41f20484424d479aa7a

SHA1
7dd49eef4170a288001e7c6072dee2e6369f87fd

SHA256
e15f4c5f71690df831c7cdb059bf4829dab962698fb99b3336d46c06d97e41dd

SHA512
543cf481b585f5395faaa46f46c4f633759485b7b4b142d9f24031fdff10652145631965651842b7a4cde4b0948408b76ade8b092d804cace93353c095789b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
8169bc43b5ea3fc6a2519a53c32259b5

SHA1
a683a84a1d7d1777d49fdf29326f5c0ee4cf0d9a

SHA256
2b9045aa1b76c4ac1b9c62d19457b7c5d9429e4720d9f9b7eaa4ed2d644123eb

SHA512
c367d539b14968edea1e764ed1ec01da4327a48aa9bb50823dc37105c6836c62f4284edd8d27ac888f8fc40095df90aa23be575ae2d9f3401c53da652620e8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
869B

MD5
9c24b46fd30325f7e98d0435bb5a9dbf

SHA1
d9ca097e69cbc5cb142602cf5ee62b0e4f43a9e4

SHA256
714234de1302ff646bb1f0839c4a2d7a9fdc16efc1bf80a0cdc42a69b4acd5fc

SHA512
685ce831352d382404530579bb43ba5ab0f63c82add945878a7fd0261918aee9089034e77200424ae4ce79257d8bf24f13bacbc4094e025d1087a43283492b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
807B

MD5
054b4bd278657ba49abffa1006c9bf2e

SHA1
65df3a7b251796b3a7933dd6b86fece7c1aae327

SHA256
b4108076cd955d55366460f0d6fedcdffa0416badbdda35e05936e3c492cd6cf

SHA512
bb1b2694703b6dcf8ea00d454e161a6ea4e4de02d50b47442dbfd7ce925dec7d10339e2b25330096c96de9c9f8b7c1e1f6dcd161e3685c59fea2eede9f4852ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
549e0a996cddb40e4fcbc2cb8fa11b58

SHA1
003468578bfd3543bbddd81dac36ac6439c0a0de

SHA256
5ce286c90d8eedeb60eba7804464c33bc99fd06dac366afa01a76958a2b0fdea

SHA512
a21153730c0d8ed97d07d397171d9d06fd842561feecd632a018542826dccd16dd8021138c8c586bfe87d3eea3c3f4272a7dddc868ef6e6475183a5007e7e4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
627bcee9d81df84402e0bb10d1a0fd79

SHA1
3b099510d90241ad30c69dbdda699e6fe16406bd

SHA256
7ce7d396601126369571a14e15ca1d2b254656b2f7fa7626203ceb2e5595996c

SHA512
46f749d2a6fe443ef680d1293137193130c3c0ef289ab79ec614951f7b62baa97282c03001595417c79fd5c95d6a14933b1637b4da5b6c320c65dae238ab59d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6f9ecde3815bae90e67a658d1cf2598c

SHA1
c9fc40760bd98181677652908200dc8c1a971b84

SHA256
b1cebc3053382352c9d3e198a511415ddeacde4b6d1e5206a8cff8ab943d2c0e

SHA512
6aa6149b3c4329fddf4a1f02ccb9268513612e924bb0793a5719209f4fdf598b8538727a48da1791638a1d505b952515acd3cb37f94015ac121850251decbb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e737f46cffeaf7d7328df33629811d0e

SHA1
74dc5b5218abefc15c535519da1b692b65763496

SHA256
cb122d6116a81acc55ad80c9dc47d453ff50b5458f657a44ff2d7f32e706b67e

SHA512
0153ef66b00ad2bdf23991a4a71a0c83357bf9977ed7fba885db5ea5c4cbf8715ca28fcd434a4fec0435696ef631a249fab325c605d4d10b3d5ea40704091ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
8f43ea55234c0ba9429303145c7fb37a

SHA1
10aa687ddf317d273f15bb6658ffeeedcb358f93

SHA256
2743e68cfed3a535e6966ce9a35d2e45732669928ae3ed591f63246696b7a878

SHA512
61836fb8b54f184d2545c76924b9c11631262e1b5cd23fe90be99a0358809d2837134f4ac5c11718c7fbd6e447a35a5681e2931387b44d4f1e39a1e900c52129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
2e09861c2b8047141b7783554337cfad

SHA1
750ac0bb2b3f1fb5dde57f51aa02995b61939879

SHA256
e55447dd967c97f976737dfc5ce7ec3523a0689110ae6a74d4d85b9b8f797a12

SHA512
a29420d847a225906046f8ec8521e8833f07f0149ec7e1f69c28ed57ff949b128b7b0a243dcc5334e2b6e532cdde1fb9a138a669a43f391beea816377ec76b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e9d.TMP

Filesize
705B

MD5
fcbea19d7f6bd80dac26177c0791f8ae

SHA1
abf28905112093f36065f38ffa32759b8aeb3889

SHA256
7a80768854402497c44ba55badbd5dc53bd50a06e299e050aa7e1e77a2f055d0

SHA512
2d50a24287913980521b0806ec41d228437874293acc23448d8a2c0bdc70008b13fd0cdefe53307fc8bb8053e8b553135a2ec66f3a996e414b9729ebf9ae54ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a83e457ccbf4885b8ad7d654d5e33923

SHA1
664195494af9ec2f87f8db426bc267dd97d8d54b

SHA256
17c31e3d2940ff4aca8ec32d8ad7b6fe6bb9d4072b5380e9f0e8fce42f2a98ee

SHA512
b52b57c00bcb68276893f7684024cf52cde52dc67032088a3b3af05186e4b33cb36d75778a83164bdb5a012ef51cd6cce4a18a7896a4a3777190c8bddb8e3447

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3696_WZRNRFXUWQCWTRHA

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit