b1e22731feaa39630fdc4ce2f145dee3984d5c8ec57e67d681c2bec7c0c3ebc9

Resubmissions

12-07-2023 17:45

230712-wbrrlsec33 10

12-07-2023 17:29

230712-v2m1nseb79 10

Analysis

max time kernel
712s
max time network
715s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2023 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Neon v2.rar
Size

103KB
MD5

f38b27745d24cc16c2d3c6e5fe933e7e
SHA1

bfc30c46362584622a863cf153ef8eabeb838c6f
SHA256

b1e22731feaa39630fdc4ce2f145dee3984d5c8ec57e67d681c2bec7c0c3ebc9
SHA512

a43beb185f76b8503bc8768e8477b827fb2a7faa317fc52de758c43ab82f3484415077450a29596f9c0087a5d637888c8d0514218750fc5f35c0fd777a666ccf
SSDEEP

1536:/vs6Xqj51478GgTnDdwsJ1RDJiXIAD1eAvG5FpvouWfx6s5/GkK1iPzimAuRExbw:XkkgTDdwsJDBLiWQss8uziCRE1A/CM

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

Processes:

msedge.execmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1043950675-1972537973-2972532878-1000\{49C7FB22-7D23-4E6C-A326-952C12604CBF}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3908	msedge.exe
3908	msedge.exe
3108	msedge.exe
3108	msedge.exe
4648	identity_helper.exe
4648	identity_helper.exe
2348	msedge.exe
2348	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

4828 OpenWith.exe

pid	process
4828	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3108 wrote to memory of 1440	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 1440	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3812	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3908	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3908	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4888	3108	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Neon v2.rar"
1⤵
- Modifies registry class
PID:840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe80fd46f8,0x7ffe80fd4708,0x7ffe80fd4718
2⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
2⤵
PID:2716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 /prefetch:8
2⤵
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
2⤵
PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
2⤵
PID:1120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
2⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
2⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
2⤵
PID:2544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
2⤵
PID:492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5728 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4924 /prefetch:8
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
2⤵
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
2⤵
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
2⤵
PID:3624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11324982296973267897,15395904547691209218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6372 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4320

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0e5ca4636daa85062c4e56b09fbc9015

SHA1
774f60860da21add47aab464f199cf25480c9fda

SHA256
887dab1cf631a33811faf04832bf969cfd4b191d7dcebc00358fb9ed0cc001b2

SHA512
2db3f57d58d515fb62004291e5e1b4c32f5859e6a8e451a56b269874ae80b5230b0f15fc2b505cae50e8bdec339678da3faa2aa35b048d74aa378d268c7d4b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
246B

MD5
ca52b4bdefd2b1db27a5d82b6712fe58

SHA1
83f655360e9a901e841bf46929dc55c7d8f3a336

SHA256
9a4f1beb491538d0eda0043ca72e8a5e8d585b0b11305dbc868e4b4dcb8085a1

SHA512
ed40bec20d993b9fb1bccd86629c61b378852ec19eaead294c477807ba9a6af1f70a37875de621d9f564b4bcc0deee82f012598b0be3d83e5838a28d5c95fa6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c4c5cff0b40159ced7b5eb83c69c0f6f

SHA1
a714ad27e20db2453bad48c0c1599a9112f2905f

SHA256
17a50d0883fde3e56bc3ab0f207144755903a42110335c908ab9496d3f4936bb

SHA512
88f5ebf4d3375e1b99f48e7686b2cf6a17f0def839d8eda168cbbe3c537b33ce60266c80f84c72b421cd7c5a6a4dd51ab0ebce59b20ee9ae0c380a73b9a864e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
875a4f580d80f9dc204490b7a136e348

SHA1
2e329a1a83c6a21491d7e70d86962c8a642ff1a1

SHA256
d5eec962c4a64e9f2d93bfb9efd156e2c9943b3c7e8f578a7500690c8b4770b1

SHA512
a42d02ad027ec0cc96ac9d06ab0f28478f262a3a0303094568a7826990520fe9e5d688b637db0fc47390c35f837e2e491f90e84c4aa0727668585251a4ce3050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44cebd254be93ff6e3c26fa97b8de336

SHA1
82d4ed9f4b5877d8cc3874c5856ab9585cf0aa65

SHA256
2e8ee3b38620893a31eee9f2b6c1837505437a228bd73dfecf6c164ddfe1bb41

SHA512
1d043cf9546fb0975c7da8d5ce03869c96bacc0e461d1052fd81fe0563a8bdf651fdfee97d7a17819293a4731713c2ee880c04e22ca76b284662489f4918dc39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8b6465af503d68fa6d8d75b4006e431

SHA1
0f8016c42041d0d26569567d8c01b37894c1eb95

SHA256
40da2033764ef4a85751bbd8c8b4ac49fc18ed23830533d37ef4b91f3dd8214e

SHA512
c1caddaa4e440a698300024ffa6caa88925876084e8e10c8c797a8c3330ee5d2eb5200915fdc765f719fed7aca63dc0d6e2e8863e387c946e0f54d9a629cbc04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c944b49fe54a4947a55640f28c377664

SHA1
56320b7327bc3b6d33e2fd32b5a8a4c509e58d08

SHA256
93da2b33386cfef2d4a59056656f54e2fc0ab001f8c2b819c00f175a9cc399be

SHA512
cc2333c8ed24e3a41299a6ca898bac6fad37a39c35c82dcad686c89d27e451c30a1383ef6f9bb9941fafb1a704b9ff3c985225c64463546568348e254a5d9f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
caedcecc9219d7c33d9d55065e1eaaf7

SHA1
815205e96c9a029ae51b98e970dbb348be71fbb7

SHA256
0d5638d538edc4170ff8a469351f10ada8442e7b88226ac1effd8192ceabb34d

SHA512
5606748c2ed50bf69fd42ff9cac09abcfb4434ac944e262edf335fcb4abe1078705b95b0ba97f78a9fd9c3961f7abdce71ba802251141d481cb6c4c8436f13d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e62cc4051e1f8eaa0abda5d730a2496b

SHA1
d15346e40b196bc313cbfe5ac96b3c90b83345be

SHA256
ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

SHA512
3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d6bce6c95c52441d238980c181f8a8d

SHA1
5b17bb3ff9f6c2c5526660310c16152702d3abf7

SHA256
f4ca55f01bcb8326908074458b2a4b17d9370265d43d8591e262dbd3a7d85d61

SHA512
c232ab8052c429d39ddd5febbd50e6774c4227703a41a088bd69ff0a4296244bd1ae8e48bbecce252432042feb6223bc08d4f99466fe5a155e6c5fc4571e2da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60a3edcaf591744f93ee5dda0aa1287a

SHA1
ad698f090502fc2e0678bcc114a72c99cb19a07a

SHA256
1562bdd6394fcc08f460b786c8a3e4978272f90b0529d5ee2175fbd4bfb33983

SHA512
aa7eefba28348b428acaebb63027e1aea558069e5df42c60250765205fc4097d689f8c1e7029523653127964e52374c7a3c1067ff503730f81b08f0dfc0e4b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f6b38fb0ba600c67d86ed7956433ce02

SHA1
6a8049a56a615965b1ee0440d32d0ba012b72a15

SHA256
365239f32597db77e62f29a73afad1997b9ea8688219564f719cb8e873d9e67b

SHA512
e9129a28d3f7e244629f57183411aab6902b422e7d88ce8ee40fecfc8c2134147d358f7ad07006d422b3308bb4d770a202242864bc5e8c664230198833c1a5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb5128a673336598a1d83f5d00799c4c

SHA1
57d8db6e8afd390b07fdfdde4a1c26d932399463

SHA256
ff2388d0279a9740163ab559a1c1910d65d43bde7cab3a912655bce8d4384933

SHA512
e3da1ffdaba4f67ec895b85bcf58412e1b54a19f46cc593db98cb73b5e0de169818399b8126c0a0f8808476a9bdd72b25e4c6aaf876c812c8cc64bb5e1f636e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
98ef855a30d130d2e8210be67042b7e1

SHA1
f3d73a3205fa679907409278f2dfcd99ca8524ef

SHA256
67c36d0af279666af9fbbee1d7058553a7bc04efa873806ab34a81f188c30b64

SHA512
3558f85b2d3b03c996790f09231c0fc962ffbacdf37496ca21f3e31505e6cdeab9375f11937899b91b572ff7f544a48d470099a67f2f28a7da0c4277aace134e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
c4359789d4a9ca959ebc7af2ebab3270

SHA1
0e00156f1991fa773fe85b43c25ef889d2d20efc

SHA256
77ea409c5607ea378e570780c460e717e8542248c5487b866e469a9d26807eab

SHA512
d42251f617bb7da56b1507c528c3fb6b2cc8a612e3ff1a1ee0c0feaacbb40a0fb01ed78cbedcf6b3ddff67802d8a05a7d2a961b549ccd6a13eafcf7a49606682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
017d39f0bf4e6e6003875e158ed0757d

SHA1
cce24e5b4d198014f66a5710e0cccd61bae1cd7b

SHA256
31cb023c60d3aca22fe684431cc32cbc3b51980d70b9032202f75b473155a5f3

SHA512
d16276a3c6f7ac64cbb1bc41da30591fba0f6c271a61e691bd032909e8fabe424eda0b09f66422dc8a2177e1d52ee180c3f95ac3daf65e7486d1ff4f34b6d417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ffe9b0222c258b871aa61eaf4445b51

SHA1
57a370f3acc912c01f643212c93ad2afbaf59f6b

SHA256
22a7d2e21f8671585aa6debbd8ad4c20d42f75c9c1e6dfac8dd9fa2482792560

SHA512
4718b2b69f5c4a5fff801eda42aed5523c352081721f4a08a5da37f4ba4f4bc07c659cb271e6032459e8acea8ae1109ed0a95ef60aa1fd96396c8332c94521c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5cc55525f69fb767b01361ee877b39b9

SHA1
ef8eb799d153c2280e7282e12bb3a652599caada

SHA256
95363f9995ce928a1bc1c40e1914274a531cbc6006bad7ff9f684d47d0a5edc1

SHA512
d3b88b207fa7d7d90fa5da167e6fdf76c26c7dde4f1833dcd5281d743efc311b5efab58e8f18742828eb79764ba6af0aba72d133e31a29fae3836861a6d2dc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c1a6ed86e9c64f19e12511212c42fe7

SHA1
8fc6c09f5a5f35d653154f002afd01f871a01e8b

SHA256
bdc3fa0aee1672b3408250d3f2adec4ed3452169d7cbfa3ec7b9f72ab31c6d3b

SHA512
78be93df1cf3adc7b6bd89c3e4a4d5c28f397cde95e7f7ea4c472f83fbf2db5bed2790d3529c3426507379b735b82cf5896dcb5c1eec1da0c299c83fdb56d9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ada46f9faf715426a02a3a0c2fadf40e

SHA1
1547d942bb37edfec961c0ab96b48000c1a40f53

SHA256
6b47520641f33c5a0d5fb131337208d36129642af059f1c76ca0dbe5cf4680eb

SHA512
36bd581fb584ee62d5ba62376d080df6e48c4802a35568891a47ffb80dc53fe49137e67263d02e88c2d013cda788b32f685242145316f8eee61fc6c579e3ed64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1159dfa0fe8d5bdcd4b9d54be6a0330

SHA1
ac8daa0107c83ac7e898edb6b4556e1a1fbe0242

SHA256
07739a0abc1c990def38c61c4d948432093142da6482fcaa2c173d7ea8564a82

SHA512
3baed0a87e9f2f90a4282095f0ce25256254600b05640bd3372a359fc37b7c136f8a494e8d488cbadf76e09315f09be5a610eab84b959034c9c54f5684432db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08f6ba254eafdc30adad9578e721402a

SHA1
3d804f78241984dbfd45319782a3b7f3866fe256

SHA256
e962acc755a7918e57e071207a1ee901f8bcb5f723f9eb68d211501916045374

SHA512
791a0de0c3ea43b47aa24044b5b21efb9e72fee1698e3afa52cb67e85196a50743a8b2562f1ab26e3286e59276ead14379b37f09e6f355fcee85370b71239b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5301bf22f6c6f36277f4b9187a4f8b55

SHA1
8d2cbe9ab04e9a7cc3545ef33524113b5c95f07d

SHA256
546f40c3dd34af51055b1f079610d5a1cbd1119fb04f7edc98a690156947466f

SHA512
84a9733a410f2afa7973463c8cab32e1eaaa2818ca6f372e0a6727247c3386dc5a5f7c6ebf52036aa2305baff5cee74acf3649fa66267d0340ae9f8ef84e4ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
6653ea2bdbedfd5762b13b6d5da1e5c6

SHA1
a437556c16aebb2f5f3765224026dd850dffd219

SHA256
91947768b35ac0291cf527108f30756f0b805a77f053804f90295decda748848

SHA512
86c0013f30ef8647966d3bc685b883c9e73c9dbb1c4eb61112c32dacbb385e0298d6ab8940fe5325d20d047e507479c8b15a90df3a813fd7321759014d0aa8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9524bd05da3842e1f1c6b8f93b3b0426

SHA1
5d8004af168374f960e652e48453c8c0c3a15fda

SHA256
d5008c56a436ea174535246805bb5701a747ebd05d5ef2c90ac1120951aa6884

SHA512
5eb83ec3d4e6c434fc1917f555e6007f489872b1d4964b614366ea111e914f66fb979da0db52cc6a68cfec85915bc8aa2b083e87c209d2eea497b78953a0a6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1399cff4f51c58361c3ca4e894d29d9a

SHA1
a7eef85189ee4632b7abdb1d6be8532849d888cb

SHA256
2d4f5c0c683c0b821b2fe85f82a22cea0c82a931fec760304e3ec5f92284bd3c

SHA512
cf8e8ca11de119c2d6c424e5c53ec04d58092911d17bd4f5c336cd4a5ba8e49f18357d953f990cd644877a409e8f7ef4167e08a214c62b496946345b0d01e863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ed9a342e24af8d5f811edc62b1b397c

SHA1
5021aa08e0766ec78d239daf6d3c0ebaecffad72

SHA256
4fa822bfb67314d07e534789a313f873f00d3c965b820ea3169e51c43d0cc4c0

SHA512
20d740eea28fcde12001a170d15c46bf5bc25cc845cddbea6ce877cd05c4a08cb5185b0c7ce99c7f9ec4505938c65c30c5d4c7f4c7327011f426ce64f7a5b81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
77739e38f8b479f0f0e639f3e349cdec

SHA1
fdfcfbdfc628c198457fa90b3cd5cec1d224ceb9

SHA256
b31908117daed49f61ae845661f9e9de1d1ce79814e9efc8aacb7e8f49099ec2

SHA512
25e29d8949c4cb20b0c68fe115e15407fe1cd44f8456435e3d0e3e96281dc222630a000c08df592000dfc1bb91e3f0b1605454007b55179cb444759671089d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea13b4146c8a8c77667027967473f1c4

SHA1
45630aeba90689198801e36a5e0ff79f2ebb565a

SHA256
f28610c8020667d688b0e247d99389a257bd8307529fb5d74ae6bb74674bd811

SHA512
c7068f3d1e052f9291b1da4b37e522f3bdfd6dce89cb3c696e439f952ab71fe4ab9838c99b02280d433185bfc7a965c15366f2a1be8228ec4eeac1d72f52e13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc173cd71728e46bbd2469d13c8e1a1e

SHA1
ec132a8e16a0b54ffa0ddd5468afff75cd3b0c18

SHA256
52e47d994edb6e1eaa0fcecf842cff2926d6120b3d9daf350d643006ce47394f

SHA512
8a720de07e4c6cecaca8aff25e58af69c66534cd316169cd4d0b6514980b32eb017d138d1488ed441fe9f980a52c1ffff484d94327a12fa6593c02067d5a9ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1ac96d95509d9bb3265c2d8c46e70e15

SHA1
049d5dca619f9b52d7f6cbcde72afa396b1640a7

SHA256
ad6dee212912dcb0e1e8a6de0e3212195f3ea6b1f4229e757f771eda772846e8

SHA512
59bb7648894aae567d210e099726f886404ff500e9bfea589aee0269beed300276ce7f4c4cb53281d510f5828fc8c1505ea5bce6708ae48190ef0d781413d07b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d1022db91dac95e800bc6fb49360019

SHA1
c90d32b6e960b41ddd4729a1590cfc09d203f0fb

SHA256
39ff62724681b6ea406a3ee475db4d1e3fc7a7bbf4db407550c0e73e602346af

SHA512
df84f5392b2a4d4264b450fd4ea940f436ca4563d1e30c6ed9c15dcb80a771c2774a38c9d37ed58990557bc172bceec9a624b16709aae24ef708a50f377a364e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
85689e502722b80b4ba4384753299e68

SHA1
745b3742f4c700aa745884b031aa59464d1e7a8d

SHA256
775810f9f55c61480573bc8d580227cbee136cc8c5d990352d61ba7c7ad196ab

SHA512
e743ffcbff759a860ca591bd72bdb5d42086ca5cf9d3b2196002fd683dead512c2c7a3374b8f3bffaf8844b78272bf3cd4f768d39a4a42dea44d98bae2b09396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
586f016feeb98f9a11d18560b19ee9cb

SHA1
ea90280cb54fa6ca47e4a6e5f5a9442a5df8c699

SHA256
bb57853688024ddc7210a2521ade4eaadf224cce1ebf82815beba6442f6d96e2

SHA512
b5e291a7511a164b1cfdae2c94db5fb3fcd78b917961e3b03a9eeaa06c14ac895d7257116137b435f0b6fdc42e2df257daf96908f41e96246ea3642904e6897c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0dc07477f018cd9c73f0459d195b89b

SHA1
7827b09068a75838b350d5fa3e85ec0b111b257b

SHA256
d1594500531b837b71d1ac528b5d552741f41fd45e9db31939f50d7a9b014feb

SHA512
5be0b215ecda302b69ad4be264a7b17476bbc96c09e01182de32892d9936707b33ace689f8fb60bb22ed66e5a4da15ba6678bb3c4879c0508b0669228b945cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5695ef8eab53760c17730abd2d833435

SHA1
bc10f86e0f8f15b7f0f9796bbea29a60375a2577

SHA256
049f512348f7d25aa62c85ae8124080e0add76dfca9aedbb3d0ad6841174396c

SHA512
8dd6a9787fd7aecb0b802411355fedd165b92456db9ee809fd0467784f081b8de2100dae1770ea7980b433d0511946e4821d4e31284c96e636ca8261b8bba2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f598d6d89fe6b3f1b6f2c3fb6188e8e7

SHA1
e14d92674f175bd73a4322ead9dd21fea0d3aeb3

SHA256
e40d02b06ef68943d52a20e062efa52219060365ce7fc397c4d302ec4bb8a97e

SHA512
2d550ee810abca8f7aec0c37e3eb360fd998b60ffd03c83a6c51612b8aaca00dcbd14ede99eb082b7b7f8f75eb422df4c27b5a9cbb60e55093923404f2e64f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
73527027d47ec7c28ea85af25ecd055b

SHA1
4f2e4a23f56e5e5c0963a4760cf59d2d2a35f8dc

SHA256
417b3e9c2c6a764ea42e1c6b6ee63513d3493ab6b1eb625e7d0af22135ff5e09

SHA512
3f0034edb0ca1d7b9ac60c2f4558ee4aacd726bd7958ff8fde03a3218ba8abfb8d53b1225134422bd503b62dd3311e577504421dba2d150c68e030977011e3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bcf9732227fcb8c70fb3ab9339ac2d35

SHA1
98a25650076130f2686bfa4adcb4867ca38bb17e

SHA256
d22ea5ddac4b83e9d72bb21e8989770e91428c0a38f05a1c3a476ea2861f2c4b

SHA512
93184ca3abc970b0c6bdb9ea66251ab9c28bd0003aad26a4ec2332f1d2153ae1eead12cccd7ee9d91d05698e91375122789450f4260dea99aa95bd7d2263e44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e9ff2caaf6e8e02c44307219de4f1f81

SHA1
6c75c203d5a75b11ef414c768a8fee15355d8c4a

SHA256
c17e5c6e55b5a7b6c73026ae811e9966dc7d944200b3505f5c5339b2733c4c54

SHA512
b3f2f694a5dae6d1e27c19bda878a5080cf08b3a6a1481560e03aba581f967a88f45b74dd7fd4c22a4647521a0ea7deed87a34d0ada14034dc9067d8415863ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07da37ca70b0943b3a5d4b8077608846

SHA1
c4ec972ecd1995ef9bb73317eedbd32944ec6749

SHA256
5004c0939d0fbb076f5da3bd0650548315f24c80662775b7fc866557cd6f7c0c

SHA512
783c00134d37ab8d39a9f00e8767f32c29571c4f8d5ecb663555fbb6a1cb4ad6e1cf98292153b581b0b841285d1eeb8cc87e3603428d354542dcd8f5cbd85218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
546164adb80de022a21052fb6dbdff06

SHA1
54ebfd3bb77a0f2c6bfb99481208d010cbebcab1

SHA256
c9a37d0b9dc7466ce6e9fff4c42081e7f16a45f1b159e28eac5fa16ee1a050bb

SHA512
dda0ef9119917da4194f5c28f15f7d5495a08e092d96a5615fb576cc1a4f4857842e1c355de539b91f49fa6b5ba5f54aae590abe5c1423edb6263579426c36d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c21848eea87c6bfd2e60ace912c2ed5f

SHA1
705895344a76a3e31f87755c3f16dd5f396d478c

SHA256
e713656a81d33425c0fee8f720b6bd6560637b217daff851b7cffae602d983d1

SHA512
b9033d9a0da7b084a751849de8b290030d065afa326ceef9367e47dba7b131ebfbf886224d6cce73a720de50b08e261d6cde0a4c9839fa64a4e855dfd81a8a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0c686f5452cfe35961f349c049ddca0

SHA1
e1bed060abf470eac7e4d43db70bd711de6cb30f

SHA256
9e83b3afbd1bbbec7be38e6939e76e1413fbb29a042eb0be416d9ca28da7579a

SHA512
b20fed2a6029eb5f4191e2f7d1f69c93d96c570bbc1839607a1e76b42d3ad8d90c61499dfde6e7e1cf68fda64573b167525c16292d84d248a84a023f62a444a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b9e3aba109e27bccadad131ab905e3d

SHA1
e86c4e5401d628fbb67d6620b55cdd4c619e29b0

SHA256
9ec598a508b6ab51081705597820ea111a155f33e10afed5ca812e6e8b4c1ae2

SHA512
14ec8e0ea84aba073df94ea6c7c058d4bb55f4343d4dcb7f0177bf5c63849925985e00e19c84918e871c4dac02de3546cff373dfafbc89f29eb9fed2e0055315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7851d138f797fe21c265b3c5ffd28c6d

SHA1
0568b98ba221c0bbeb3126ff316156afdbada5f6

SHA256
da2832eb6367a8fc3e0628aa1bb9c58fb4dd9dc4bb1ad8895f426caa2b08a295

SHA512
c69d3b4c6b42cbc158ed5309f9cc789fdb3afaa3fb036aae8611dc69051918cf01f66cdfc3093e9c15859817c8e20d3c592de998f653d2c464b9a01b306dc5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31197c382bacfddce78a8ba02ba6bee1

SHA1
b99276a8e469430a04c0ccddb0d1adb70d1248a9

SHA256
d15d5021efda51f77b32ad5d555c127432c5a90f83d297fa5a72e359bc42d4e7

SHA512
75ed1d7ce69ae119982c1293214d54dbc58276660a91ee27c4c83bb7b32ec6b0d9439fada1c1a633935fd5e691ac976dfe5959a2b8f2f61ca5e3740c5d8abf92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33c24eec33d957cd0f7a0d10d18edbb2

SHA1
932d41cc0ee41ecc4cfebb610dfbfceafff63d93

SHA256
bb9c5cc00ed596fc40d81e13249b9e8a0a3017c00c1969972ba21c106085cf55

SHA512
7ff7366b0396448448080ab5300ec1d41e31865aff5300551fc8d8e129d8daf07cbbfbea8c20fa450aeb1317cb3abe11505a69eef63bff3e025ad57f83fc6d6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
908781690f8552e0086a58fd147f552e

SHA1
bff297c692b2b74bd56bcee838df6688928c78f7

SHA256
7c0385b03c26750e61fd1690d8993641daceec680aa208d0dbc495a3b34b7ef1

SHA512
e9c676a252fdc77c9024d16f854d42e4fbd7d179cc5cd025fba50cde8f93212c6f9f02f0afe417da1fd1afd4a4bab59d64d5d59c0826296637675f6e145a18d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60b5b5fee451382f66dbf092b42cca50

SHA1
a72f41a7b3352c1d78c1d8b6bec37837251613b1

SHA256
5009e2253f7e013be3ee8ff4fa0da5f287beb83b1b51c4dc10e8925f4d5dffdb

SHA512
6f1c61c7d932992de3c7dfeeeeca60559bf61ede51646651d30f0a79f869c8b8601fd9bc33391e946bb529fd2550847da298222217f73c9889244e29c2ce8e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3bf5efe1505fbfbc8f2cc393a937aa08

SHA1
5936b9c55256d82215d679bfa7552d6ae609cc6f

SHA256
c013e79308aa17dddf84450a992657f05b9641a674cfb07b2cb856468d4185c0

SHA512
db09db5ca416b73af1c9d7f9a488474979159a1f5c9c63061272fbb423ba4de69c72b4b88ead92b5f1cf9fee274f9d2fd11b8eb015b6056952f9352d6669660d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0bf2a154e13e04f3d1527c5b5dc6094

SHA1
47bfeb2bebffb51500eba9f8a9933ac4c1e82951

SHA256
510c51c21a84b84865958119d41d3bccba04cd5a66225814e95e5bed897a478d

SHA512
d10ed763a5caeebde29c0c19045d5febdbc582c36a2a85d48b1434dc4b42b7438b1da53fb73e9cefd76e32c17643bfefb0193b6d19ccd6819719d89f20a77a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22272ecda3107e2892a2cbba438781e1

SHA1
f703732af7f75195bbcaa02df723e4dc6650d4c7

SHA256
5d61edb2d913283322c0fffe911dd489f8ff2f3e4f72afce8d04a31f243eabb7

SHA512
d687ed735391876945af9f3d7bb67a403de9b580b423ba53008dd0ae95dad7275824a251947294e2e49038eb1f38ace8758c781b57f55bf684a93917da7b9f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9868f5a1ec8c54a98f6d9d040a15456d

SHA1
54c75f5455ee5591ef19f8bafc9803de87205e87

SHA256
5d39bd7db6966e67670279443ad26a89e666af7c9512d9b69170101b32775103

SHA512
5c9f2a292681c4f842464ec4fafdc231a4ddd3420a7bf8633579c577d00a8cf72130db697fed4f0299380cd114a5ff12c2d945d309c426bafd165f934958de0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e88e749364d026ecca1e660d0951f4b6

SHA1
51ada4551aad26e1b045235d407136ce56549c6d

SHA256
85a42d7e00a54387d523cb1074ff2c069a88586991c8d5f2506efdc173a07eda

SHA512
fe41d36c8e57cbd6f288361ad2280808749751184476300a51bd9a7202658892279da8902a45300a8cf783dab2a2d16abded87fdd6e58fe2bdf46ef747711e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a4fb7.TMP

Filesize
370B

MD5
c8ccae5d20077415bc469372e84923f3

SHA1
242f894e5c85c908c91e9ee9484f58edf6b3a767

SHA256
03965fb0082887b7e240087f93f4e794c8f5a1cf10c4e11bb70796e178f8241d

SHA512
c737ab896a2c71753c4b2ebc0f6f4bea1886881e4247ad725ba31561c749d627f7aa28372860bfca18c2a46eb241634eb11bb3ed535c5e15976df51c1ed78272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e9f14d8f820bdd5ba0b0863951ec5610

SHA1
1076da4f7496f036dfc723b2dd9ace41b6032171

SHA256
45c744f485546e02b562d79e611e42776f1298e41ce8acf9519def37b3c8da07

SHA512
7e35eaf3e61afd067b800b473620f4ee403df6d56ec001da6cc6586978df02d60bba351f463b9126d1489d901f0023bb837aaa1ed4e8989c67254aa65ce009e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3108_UEIUKUEMNUCNSAAS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit