hxxps://aka[.]ms/AAb9ysg

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-06-2024 07:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aka.ms/AAb9ysg

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2588 msedge.exe
2588 msedge.exe
2948 msedge.exe
2948 msedge.exe
4528 identity_helper.exe
4528 identity_helper.exe
3376 msedge.exe
3376 msedge.exe
3376 msedge.exe
3376 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid process

2948 msedge.exe
2948 msedge.exe
2948 msedge.exe
2948 msedge.exe
2948 msedge.exe
2948 msedge.exe
2948 msedge.exe
2948 msedge.exe
2948 msedge.exe
2948 msedge.exe
2948 msedge.exe

pid	process
2588	msedge.exe
2588	msedge.exe
2948	msedge.exe
2948	msedge.exe
4528	identity_helper.exe
4528	identity_helper.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2948 wrote to memory of 1536	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1536	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 216	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 2588	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 2588	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1856	2948	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/AAb9ysg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff810c446f8,0x7ff810c44708,0x7ff810c44718
2⤵
PID:1536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
2⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
2⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
2⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
2⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
2⤵
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
2⤵
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
2⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
2⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6096 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5f5b3591-2a6a-4119-b5e9-bf3228bf6634.tmp
Filesize
7KB

MD5
841bf5c7c58b09bdbba194b626eadf80

SHA1
79735b896bc8a9f0c90e78cffd3355580d4d78b2

SHA256
024b252ab25b3da4fd3e65974aafa281a9a09e97e675f5ae62a1e63f203bc843

SHA512
6b5a0300ba8f5dba61f35d2378fb95a900a74bfadc3657f0a5c0de5f90f13b0d6c35c8c43026a8ac02e0df92145fe2cbfbb76c8772907c2de3a4822d7923734f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
22KB

MD5
c654a623ad90bb3dcd769dbbac34d863

SHA1
8719de38f17d8e4d73e2a5e4e867d63dd3965baa

SHA256
deec787cca1b9436e080478742a0299e0db1a9712543a72d2cdc8373fc45a432

SHA512
b7440cec44b71bcdbefcd878a860ee3cc0163dc0905dc688ebcbcd7c6f5cfdfc187ea0c2b6247a362ad462450c34020933df7825cf6ceaeb3138d65eb944abad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
960B

MD5
023000ea5669ef2e32b03d8f5270559e

SHA1
e5e9881717b8bd22b46fd9cec578f8036c3036a5

SHA256
0573fa47721827c6a8cf6238de384a1de0e13c94f88866c080e7562f20787891

SHA512
19c08f3ee457721a522b46b19b20321582269bfe1ed3496a01cbb870375b206f0da57632b799337912ea5423cab54148e1c4d42b12bc05ec94859cbec1e44c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
98ff36ac069557c9e0f27ae1dd927ef6

SHA1
ed4a6a03e11ce62b56442c5c433f9e16334ac607

SHA256
7647ac27bbfd0ea847954a55a011b20a837978dd59407121b8668577d2eb27c5

SHA512
54f80fbeb664e8c4a96e2b6235cdf556585fb564f8bdef1b7299b0a11f09f6dd16427435a433f2f07f1a6980e51476e05cee8e8bd805fc053ac7ee8e89cd369c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b75f6ee347c0785fdbc8c969feaabc03

SHA1
e6ee0d32ef7f827778f4eb3a1d350e7f562af834

SHA256
a4d0267ee4ca9c79fc67d393740d848a9a8383b97fe0ee7672ee7e1ee34e4ea1

SHA512
8ed0a6d2b61efbdbc846d6329ae128b5dd88ae392cb89dfdeb0c8494d2fbadb70f8f450583ed50f35148a279b59e9d6209fabbc4f196e778213102ca0ad4fa8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c5151c170fa19ed54a48646271d8d65e

SHA1
fbfeda261745918e298e7453caeda27e77048a7d

SHA256
1f86923db96bfd80db2ded23decc5148f672c39da9194215d777c14baa1ea235

SHA512
e3a373a6dd28b8e384f38e9d9cc3982ea88852e0b697bc279cb31a0c41e6f28e8ab696d6cd6b47b5d3cb7f85e4f5a91b829ecb01995d1e0da298bccd8066722e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
6730630ecd90cb97eb358f6823e3cc7f

SHA1
0b81a75ff5fc88c5bca78d9fbc48bf7da5251026

SHA256
09ec89d2a9914e60e145f26d4531515d5b4b68455652ec98cec6f5edc4a78706

SHA512
6cb9813f1c4c0189a42bab93964bc410ad06db5c3c203b2f1256ad2b653f9753b0cc97dd6e66b105835f53ab9ce49bdd09acca06eb92ffa80878165333995173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ecca0193b40ba3481215bf433ad0c14c

SHA1
c8755c0bfdfc855d3dfcf8670f31d52bbd1c2d3a

SHA256
c41da73054e6818cba734243e1139ab32f02231053b6898c704a70f2c5be4887

SHA512
2c4410f8b719d5d7dbdb5df313feed1e29225a7c04add1ab1cb923f9fa0a0451f944d2a9fab6232d6ade63e5113bfaa0a3ca45efd7d405878cb2d6486091eed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1e83f015c59dd4e19576a744e876f53b

SHA1
f5346dfe8d9a09efe1c6fa63b7ab857180f7cf9f

SHA256
ed703de0244692087a3ee57534270507789446c1e160748f2b4111bcf09f5e4a

SHA512
bd1dc9f3f8988c401f606c62d60ad3e7bd11e4442ce671255a9a65834ae8eb2f74b02e360a4e032b03164bb79ab03fc10db0932e70054e3a28feb7a04d852707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dcf2.TMP
Filesize
539B

MD5
df7e91be125882d28901becd08b49e61

SHA1
5a969fc1026ea6eb829f3bea93673cc2e87f2bfd

SHA256
d3b81344a53dd2e06958f6812f9bdfded61f5662c9c5d3cac0ff8e0bdc444845

SHA512
8ecee83c04a32b67d62f83b3b96c00304caad5aa117d9a6f08fdc77b9083f57ad31b3c4f7ecc96468609f23b5c0d6954752e062befc3ef25d336d9348b255ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
b0843364b0b342678828550f1d50b797

SHA1
d645f5a2f411fadefe7c4b17aa2b89a0e05b2016

SHA256
721e4e6d6bf2b33d50e44f8b38b961daaffa42d8e10bd81c3417b1d6773b9bfe

SHA512
2ffd3307b13661ead691f22d4400f4dc30781253c1d2cf6c502dbb53642753b6bc5aac6fdd0913a1c1d69a1cacffe943a088b84e251da69978cd7a42d17633ff

Download Submit
\??\pipe\LOCAL\crashpad_2948_NLXFQNNVYNONASXV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit