hxxps://go[.]microsoft[.]com/fwlink/?LinkId=550986

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.microsoft.com/fwlink/?LinkId=550986

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2564 msedge.exe
2564 msedge.exe
1856 msedge.exe
1856 msedge.exe
1828 identity_helper.exe
1828 identity_helper.exe
4432 msedge.exe
4432 msedge.exe
4432 msedge.exe
4432 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid process

1856 msedge.exe
1856 msedge.exe
1856 msedge.exe
1856 msedge.exe
1856 msedge.exe
1856 msedge.exe
1856 msedge.exe
1856 msedge.exe
1856 msedge.exe
1856 msedge.exe

pid	process
2564	msedge.exe
2564	msedge.exe
1856	msedge.exe
1856	msedge.exe
1828	identity_helper.exe
1828	identity_helper.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1856 wrote to memory of 5056	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 5056	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 4116	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 2564	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 2564	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe
PID 1856 wrote to memory of 3544	1856	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=550986
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff457b46f8,0x7fff457b4708,0x7fff457b4718
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
2⤵
PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
2⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
2⤵
PID:3216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
2⤵
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
2⤵
PID:3360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
2⤵
PID:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
2⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
2⤵
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18242993926470210151,3531465968023815114,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6108 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
22KB

MD5
c654a623ad90bb3dcd769dbbac34d863

SHA1
8719de38f17d8e4d73e2a5e4e867d63dd3965baa

SHA256
deec787cca1b9436e080478742a0299e0db1a9712543a72d2cdc8373fc45a432

SHA512
b7440cec44b71bcdbefcd878a860ee3cc0163dc0905dc688ebcbcd7c6f5cfdfc187ea0c2b6247a362ad462450c34020933df7825cf6ceaeb3138d65eb944abad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
960B

MD5
9984463722ca2c9165e6083f0bf6fd5a

SHA1
7895d9c0494f0dfe2124e312f6d2184f5d0df455

SHA256
4b613f236933a185d112da6b48ec70e92e681051dc19957adfcc4fe0f83b4c05

SHA512
0a226901e6abea94763c648fa71c693c32155e1b17da817400634835198be500273e0d9002976a4f39e6dd186d5c658195eb9b19a90e1223b122110f54c53058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
3b2a5506594cb41c20c72fa2158d95df

SHA1
52f9d73365da3dcf1aac408751d6c9db196d6b1b

SHA256
97ce12e85cbcdd7cf709368542b9fbce8270139f830a1859c4548ac3efc9f847

SHA512
17f4d2a6093f3b918bc70801b42b8ff4e451b18bcdb3a18792902659b347b4b815d179b103558b54438522009b0d5de52b44283a0a0927f690f48e68b17ff11c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
572b20710ac96de5c487d79ca0952eeb

SHA1
20710b446f88a6dbc1db7c915e4dadbe53fc3fda

SHA256
95bfecf0af8684c70fb0f6b12b0cb5024d3072533b2c9fe6e46d191da6612818

SHA512
8991df1799ee67d336bfb4f95ef0bd8d8c1d9163b2309fe138f58b3cc3fbaf661a6331b119739275eebeb817be2e31877385c4d86328e3721670c0dd9efd6336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1f627494908fb2bdf10be2a4a6aaf6d2

SHA1
86eb95b787c5142ff9dd8c76c80bdb9bbd2f8567

SHA256
1138fd0103967a05a74f17755b9e607ff77772c92ad048fcebd7427e9c4bad8e

SHA512
7ee4e22e5da13eb288639e2144f1fe3d1234e11bacb92db20b01b8911311d90d2d6c6f810434e46bb8aa6dcd03d3d0df43b5746eb9e7ec2daee9a875762ce285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1c68526eebe19d7db82b58094bd5e771

SHA1
52fd94e26ff6a5ff6df60f1f3309ae6bc4f1d75f

SHA256
195ad578b2069a53b176139e8046f95896fc301ef915c8327bf36513badd2e62

SHA512
59522e5e44a7e3b8ea982fb960697a7cb5c1676b60f70db91e0708f6ee7b7e78903229257eb9fa688dc394ae0f342787c041ab69e728172744162e25b8de2730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
33697cb60aee30bfc5bb80c86eb1f59e

SHA1
cfda850500b1f28ae376ca34bcb8e0aebb2f3369

SHA256
b83db7eb3a1f3f63c70bccc6303e7bbbc45fcaa6d7ee800d05c3d29b690a6eb1

SHA512
b4b55314c9761a87403584b6f1925331d9eae64cc5ab85011e88e36143c3be036da5e071f514b624f32263250b58b2d2da2e442b1f8964ae3ae635fac4cece91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e8fb9ca6d6eb07701f54a71b2c1f686e

SHA1
2060f764cc80efacd80fccc1058b97e9cb9dcaa6

SHA256
4b14a437ca8bebfd38f5e6cc58e98ca836b125625926992c41f1700dc4960a14

SHA512
153444e8ee34225589bada3639589c5a796f45e6cd7daa6fb063ad215705d091f0c7cd5958b37f4dec6ebd2a8fa881c841c3b7a242bdff873f3529256393194c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
c556bd8d99e1e80b86f0d8dd0a41ffd1

SHA1
37d5c3446c232d262bb1ee689ac21ae7176d24d4

SHA256
33f8651aa4e042e6f73340c8a3c749eea9df158fca59f53f15cf998692769156

SHA512
0fd7a5474321b39f31e8edbef850779874cae5d2d75e303feb787f67d15edbd3ec6a811363edd27cb40803b7669a1b667a2a8f9f6d8487129a12dc390c37bdec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a47d.TMP
Filesize
706B

MD5
cd46036e12590e8f518a7ed7f0cc3517

SHA1
364627bf7f439338eb57a4a4aa293a3982a612e6

SHA256
82bb45150495665fbfaf3c6c03ed6d7848beecb81add6d028e366cb1113c6b36

SHA512
c013650ed5a09a399ea2724dc82219400c15ac64033903e80e6f770a41ee04c0efdfd92e3c1e74a416c5655daede3bc67c309eb5082f59529ca576c37255b8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
73e8c35ebe86f94bbfaba7726adec5de

SHA1
9948f057d9af59430378203e0e0d6754280788e1

SHA256
96b8a96c3fcc47b2a75252e1add4ec8846c9568231da00a95eadb4512a54dc84

SHA512
23819b52e9b6fabee8527512a203caf78d9e62c6654a8cb1bb688a011e4a9ad6cca1806883048cdb7ce92e900a4123ee14c98e9d664ae787f594ca0239f92ca2

Download Submit
\??\pipe\LOCAL\crashpad_1856_BGAILNBQKDJUBLBV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit