hxxps://login[.]microsoftonline[.]com/redeem?rd=https%3a%2f%2finvitations[.]microsoft[.]com%2fredeem%2f%3ftenant%3db93051a7-5ea3-4544-a482-8bbdb27e414d%26user%3d7da9c361-e272-4c60-b17e-bb9edf41def2%26ticket%3ddjChzyafepYcHR7NZwLsHITGdFFFfQXWwcJjeZYqTvE%25253d%26ver%3d2[.]0

Analysis

max time kernel
145s
max time network
145s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
02-07-2024 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3db93051a7-5ea3-4544-a482-8bbdb27e414d%26user%3d7da9c361-e272-4c60-b17e-bb9edf41def2%26ticket%3ddjChzyafepYcHR7NZwLsHITGdFFFfQXWwcJjeZYqTvE%25253d%26ver%3d2.0

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid process

792 msedge.exe
792 msedge.exe
2512 msedge.exe
2512 msedge.exe
8 identity_helper.exe
8 identity_helper.exe
4132 msedge.exe
4132 msedge.exe
3180 msedge.exe
3180 msedge.exe
3180 msedge.exe
3180 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

pid	process
792	msedge.exe
792	msedge.exe
2512	msedge.exe
2512	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
4132	msedge.exe
4132	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid process

2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
2512 msedge.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

1956 MiniSearchHost.exe

pid	process
1956	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2512 wrote to memory of 1168	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 1168	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 3668	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 792	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 792	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe
PID 2512 wrote to memory of 4652	2512	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3db93051a7-5ea3-4544-a482-8bbdb27e414d%26user%3d7da9c361-e272-4c60-b17e-bb9edf41def2%26ticket%3ddjChzyafepYcHR7NZwLsHITGdFFFfQXWwcJjeZYqTvE%25253d%26ver%3d2.0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc6db3cb8,0x7ffcc6db3cc8,0x7ffcc6db3cd8
2⤵
PID:1168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
2⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
2⤵
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
2⤵
PID:948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
2⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
2⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
2⤵
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
2⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,17726824653343500484,11437992151480324727,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4736 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1956

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
384B

MD5
703acaec81d3515b0340ff681fed18d4

SHA1
0fd42ce940aafb9e5a84a90af92b23cceac262d3

SHA256
6a5d20f02a1aa81ac454216c8567186c7ad82c48e0a65d11096e8ca9679ea233

SHA512
119c0da1b8ad6f8922e8bdf077dd294efe4a0a48a0599c9a27383d80f3c913e7108e0af257434af5b7d4fe0265d868954a75d6a5c5f83bb6d8757a966c4fcd13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
9860e730cec510cf06a2fce026c82a59

SHA1
fc0461a4236682fdf2ca59261a57c16344410ee5

SHA256
7ffd7538c9241f262b0b8b1f7a6cc1e93ef334bd09c8600b51e7a7798603870d

SHA512
623ec3cf9e1d65972b4b314f94ee8afa976cb088d5c3e924de30e4921cf3bbf3b3d34361a1db26b2ec687d8498ae197be7af4862d12d6ec5d4214ed84981ed45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
527ac775ba1c7b1fd3274696d5b7c588

SHA1
2783767a0b68367eff804f5c01e5a9f1ace6081b

SHA256
664dcbf21a59855a2c6c3f95d8bebe0905939360d57b8bca804594cc65a747e9

SHA512
d7bc4855610ee3ddaba53e5f8737955be9b7e7e887d1e02139abaee95dbef3a39d79c4f86fc2d427339c32b1bcea4c4ade353154a402c1339191ddbd19304f38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
acfc3c47f24ccbd0bef3934096a898c3

SHA1
59ef780c1db44c5bbed10922f7109c365f721a82

SHA256
c6894e00b955e5e81bfa42c68ae7e2aa4920b6bd93bdddc1f2811f6a0b83333d

SHA512
c27734799772f514d57707beadf43957af4ca6c8d38b61286e84d2e21babc9fb45b095f510be9dd94c1969c6c9f005fbf2abf774df144c4936b2a0258e37c32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
87640f1a74d193ac1996644300355e26

SHA1
d2c21c5f6ca2b772199df5332126251193e77d33

SHA256
1cb840ea4666b1b8239568982d6c796741cd7b8310fc60eab2acf4a83921747c

SHA512
7fffc3684c1d0487d4b8cfb494ac456aaf27e8337232a0c9bc60d0ab9934f1b4b072a797caee6c7398cd8407832f32bd1ec9a902d8b73bdab6a7e894b20f26d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
873B

MD5
0851bd6c1baad232e96dfcf186a671ee

SHA1
4eb4aa6b0dcef8ab186d844f3b8457f4386a169e

SHA256
f3b477794da985ece0445290a95cd1a5c76b9681b919daf17a947a7a4e7aee05

SHA512
e978b1e45711ead84a122c99111064660cedfed1014ddf4fd41545a5747d709d3a7a6fc893984167141b9fabd3fe3a1b0b940376fbf8cf5aea4cc5d71c6c2f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
706B

MD5
22bd6593d5b16ad668ed7b4b3dec466f

SHA1
cd10b8e4e343d7fd67f77a6ef054a85fa5676a4e

SHA256
a2f88013704383574ec07620b579e56163fffa5e69e287c7999312158a073395

SHA512
a058f1f54b7df0cd354c415b73d572380a2cd22fead1d0cc7fe2f3967abefaa6e2c06251382fe08b1377d720c5914d2d66e147a9c12bc3e0543322ca3707132e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
873B

MD5
65466e5421429bcc98af69db030eebe0

SHA1
6f9a8f3f645500c206c242410042ec70ce3c1475

SHA256
b3dc5676290875a11fe922d1cd303a0d78fe2196728d15c7e54e9e0f06e71be2

SHA512
5d993b78eaad7e6500af4d4c5d484aea9d270e18e9160b597aec81223471bfdefcb10bdc83795405be115a407ceed79000e209cd832b08e2289a2e49589ce8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ca35.TMP
Filesize
538B

MD5
b29fa0c8f1c2371e17cac4f35362abcc

SHA1
ef5b64278dc63d7dfa39f607f4341dc549f7554b

SHA256
0a6e635f3140418694044415c1c159c8c520331635e9aee5b2f6c825bc4a4cef

SHA512
702d87a270e77b42047fe11ea458559e74dc47cc8139ae2ae369f9570a1be6c6139bb2f0be6e23f0dfe54389cd76a8983ffc2f186de31714e326d479bbf6e3a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5308934516a0130c6772a69735303f89

SHA1
fc9dfb179457cfc7ae519d079016669f25850816

SHA256
95e20954fb04e2ad1c51cafb5e98785ffa9223b999fd0dbef04e707ed5ea17fd

SHA512
bf042a4cb2bca9818d5ad55aaa48c64bd4012384a3a4d2b89c82240a19884876b80143e11d00e7c27cc665b1c251f1fad0b7c2eb9dc6041350b23168c5ed27a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
df46eb1fe5d54a0521d9965203a4a9da

SHA1
e977aae1bb82f3d57267ead3b91df3d82d6d50c6

SHA256
6076a9ea8f52f5ad109fbe29f955ee052f626b22ee45366bfa83f70706744b1d

SHA512
5bc5f8d247ba164f1af6f4ae902906568a4e9baf05c9782d999e537730d8cfe443daac6f44aa246f27e9678237a4b57a7e8411e3c4fbe88e943525cdb2ae239e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
b11a15baac2a74995ae6f353e63723ad

SHA1
a64d549fa00962953eede6bb877caa60862cfbf3

SHA256
69e2381681ce85f320660228583f2ed1604b1dbfa90a69dde1a4853aca900778

SHA512
3406cdb89d03d3dc114637d8469f265d25857538e52f6f76ebd6272d4c79d51fbbb6c711e04605fb9ed1875ef870cd0ef5f18cf8accc5ace2a3ead72a3dfb8b5

Download Submit
\??\pipe\LOCAL\crashpad_2512_BOTSLTRLWWVBGNIJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit