hxxps://app[.]salesforceiq[.]com/r?target=64b7f2da284e361e333f4734&t=AFwhZf19xazffGhay8zMrjXNDBJ1AtV1sQ1pNkkpWd3bxK0YaBMoG5rg_b9z5bt6hMJ_E7NugsUGtmeQOR1ijGSOTBHm6Ky8x-jlWyYHCNbHA2_pVM8mo7pgR5ykRADeJ0S-T2EVerL-&url=https%3A%2F%2Furldefense[.]com%2Fv3%2F__https%3A%2Fical[.]fedexdigitalcalendar[.]com%2Fdigitalcalendar%2Fhome%2Fopenform%3Fcalendarguid%3DBCE1715A-DBF1-4B2E-801D-DA099D572E1F__%3B%21%21BL9GA0TyTA%21a9V3efsJ-6m20KmeeCflPNk_gRX3G22F5hwUxTie4zZjsW1HoWyaFISmX3fhJcL7aZSCvsYQBgrUXsHQ60zIZAzC%24

Resubmissions

02-08-2023 18:40

230802-xbcs5aac5s 10

02-08-2023 18:34

230802-w798tsgh43 10

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2023 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.salesforceiq.com/r?target=64b7f2da284e361e333f4734&t=AFwhZf19xazffGhay8zMrjXNDBJ1AtV1sQ1pNkkpWd3bxK0YaBMoG5rg_b9z5bt6hMJ_E7NugsUGtmeQOR1ijGSOTBHm6Ky8x-jlWyYHCNbHA2_pVM8mo7pgR5ykRADeJ0S-T2EVerL-&url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fical.fedexdigitalcalendar.com%2Fdigitalcalendar%2Fhome%2Fopenform%3Fcalendarguid%3DBCE1715A-DBF1-4B2E-801D-DA099D572E1F__%3B%21%21BL9GA0TyTA%21a9V3efsJ-6m20KmeeCflPNk_gRX3G22F5hwUxTie4zZjsW1HoWyaFISmX3fhJcL7aZSCvsYQBgrUXsHQ60zIZAzC%24

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
2140	msedge.exe
2140	msedge.exe
4764	identity_helper.exe
4764	identity_helper.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 4356	2140	msedge.exe	63
PID 2140 wrote to memory of 4356	2140	msedge.exe	63
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4524	2140	msedge.exe	85
PID 2140 wrote to memory of 4540	2140	msedge.exe	86
PID 2140 wrote to memory of 4540	2140	msedge.exe	86
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88
PID 2140 wrote to memory of 3380	2140	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.salesforceiq.com/r?target=64b7f2da284e361e333f4734&t=AFwhZf19xazffGhay8zMrjXNDBJ1AtV1sQ1pNkkpWd3bxK0YaBMoG5rg_b9z5bt6hMJ_E7NugsUGtmeQOR1ijGSOTBHm6Ky8x-jlWyYHCNbHA2_pVM8mo7pgR5ykRADeJ0S-T2EVerL-&url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fical.fedexdigitalcalendar.com%2Fdigitalcalendar%2Fhome%2Fopenform%3Fcalendarguid%3DBCE1715A-DBF1-4B2E-801D-DA099D572E1F__%3B%21%21BL9GA0TyTA%21a9V3efsJ-6m20KmeeCflPNk_gRX3G22F5hwUxTie4zZjsW1HoWyaFISmX3fhJcL7aZSCvsYQBgrUXsHQ60zIZAzC%24
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe223246f8,0x7ffe22324708,0x7ffe22324718
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2249071875097305937,4623679988338406667,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
100KB

MD5
9cbbc729850ba1ee12d07fc70f3c4484

SHA1
8056256fdbe6812436af80203f49ce022836bf0d

SHA256
9d0608220ec5231514ab06fc655a075d42e5c19c2d2a23604a6a96f01ba02d1a

SHA512
1981b834b7f10e9aeca32c2e858c38b8554367bf4f0b0e91a7419f4fcdef3746489c5751cf71586ae2a02f17b5e25259e3739941ae40c78d0a524af4bb741fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
31KB

MD5
345517ca2c49f6512ef6e43579f6a28f

SHA1
e335ac12b0e5b63081bebee96da5ace0d79df9bd

SHA256
593df60015ce33faf2ae219cf3ba37b5b3b7ef60b50dee417e24db7de0678fee

SHA512
fc62fffbca4409293a00e373c5c426892ae6a621bb3297b139cfce3639341a87123d11be8ad3a531c58b250f047e3810afed474c746ce098c0bae97295e8ea1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
afa9df95afdf04dcd7c744b669c8c831

SHA1
1405e81ad3bf9141fb9e4066b96dfa0dd37f866a

SHA256
7626a3d9ec57efa353812cdf2c36e55e64ed6aebbab12da2f00d5fe86802d482

SHA512
c6e0a355fe85fa59b5146a405af5a2b748dd7ca2959d4d8318b93924c7072fe40f7c38450e245b9db9067305963325a3ddc1eeb50fe33ff81542bb77a3b5c407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
73702507a8f057f75b4c9afac523ce4b

SHA1
5167b89fbae4330d6ff83f3cc3a38fd2443195a9

SHA256
ca483edeb112a7328757d4076741758d7170e7a67d061a1c16ad99ff465acdd1

SHA512
6057e823bab1e3dc78e300008e4813cd87e4f768d99e2ad0f59efea4d0c09bdcfc520d88d87d9fb5dff5b98d913ec41d35d7398ca6847c7d4a2e34719c5a710f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
27KB

MD5
bab1beeb81b445d08bc52111cce2ed91

SHA1
f1781655da00c0e15c4d64b75e881d5c18a574aa

SHA256
bf4d998640cf06c94f5dbf152e19e0aa8f1864d5f62c45767668c62919c4ba58

SHA512
6c3b8e449568d8f5bd91f0afc766c41157a08f72bf1c002213a674e328e5fd48be4a290767a58c017041ae5d64862cb0268954ad6252219ea82c78790e73094c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
62KB

MD5
d9e295323805740066af215afecb7ce7

SHA1
0e906046199fdc65ecbbaeb641bb174d1d720bca

SHA256
b57b7a8c3d8095b270cc1242ec6bf443cc4ed3badf3ebb9e59deacd866d3c65b

SHA512
bb1e239adbb9ae02091134c7946a5cd289c5f46e260b497abecbbb25dfa6a5a896b0cec7f77c9f1e0823a10ec3426157554e89deb59e67416b7780728321ee31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
118KB

MD5
a6dfc904a7b193bd7356f0c2ba0fc35b

SHA1
f210de6127b9c09332ec71ca75d85935c29de1e3

SHA256
cb1d6428ac481afb963a90cd80e4f7e7dc93548c791a27fa454c94e630f61566

SHA512
a18e6d0b668736dfd858ecf6c41696bd48c7eecd14918ca4f29d369aa8aea2dcaa33d61735daee0e0e0a7e189a6cfb9b1629c2e06102c31504a7198c7c1bd3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
90KB

MD5
2e7b11e5440186c72801c65577a48504

SHA1
f0fdb75370db75384bd2a8c2b9234e4ac9ce1718

SHA256
ff96548c9419f4061788041457449c92c1c63cf14cd55fd5f705bf0ea6825089

SHA512
aa4d17ab740777a101ab01c19a4ae9dcdd268d9202fe078167f73d3219669ebb08bc65aa56a69e0f371b90ed305f526e187981a3644c9c56c9ba28f33dc064ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
382KB

MD5
a8de44769cd8d48edcfe8b52419da2eb

SHA1
ab0a7ef38e3550b571d79c7a8cdd462800047fb8

SHA256
824c5734e9801e879efad7a0fa6d663c341bf753ffb623a999d7266f734899e9

SHA512
93b779f413cd2e52ada02ec0943e0f41719d85b184ac86f01f9e5eb2b2b8b61a99eb78fb1c3f99041e004add0a3725ef670f3c5bd1c734a61cf5a75463013a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
17KB

MD5
f9f3a4bf508eec8270bf7c8fe4397384

SHA1
8b47c45b41e159b9dc2d6fe563b1197bd2a3ec16

SHA256
99f7cd905d160e4bf4408195b22a893a45661a8855a0841e207d5bafe7411d90

SHA512
43e6b09ac312c53efd9654a46d84fb17fda4057bc07cc49147ed955a9317943da5b6adec1bd3f5235d1aa7ee270024f600e9d0a049c6caebfa99eda87d407394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
68KB

MD5
92dfd868ceba9371254c7fdd03a1ff48

SHA1
0b1e93028726c52c52322d62b60b5fd77e9c0f5a

SHA256
f5d3085cc191875d9b63b65f8f3b2b496eae4747d8056bb15b649ce316eb25d0

SHA512
acac35b67ffd810a053cc6ec1ed466e383d3ff2b4eb6d3a29461fae59ad8fb1fd6dfcccddb5b82aadeb7b87cdc9e3e77515e427fcdcb45ad7af4f9413d852598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e58f9e8d56cf0c6f0b584f769df0c1b5

SHA1
334dfad167df02b24fdc432d2f526eb12ec699f3

SHA256
3189dedd8defba69ad741179360049e7b95af80f9e442a0199674619249100ab

SHA512
573d1a30b617f7611ba5bd6cec41a5c8bbd4822579897d7b38cac4d6a4e5f8ba079595b53c61acd72f76b06d7fe790a5535d88c63b858f591d5c5d9f4139ec60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3b3af4f7fefbbfa59686aeacadaf0ae2

SHA1
81855b61be4cca14cf552983e68ebb8e7d95e655

SHA256
10525295cb0f9acd329c6e47fc15c5e0e62836f221de9799ae18ed550d2c56a8

SHA512
4d16b065edfd66ec2a9808319b10765af4071d75d169d326e99d176c64c108d7c4a4d006d7ce949d2aa97396c5f6539bdb9bd578f7940ec36ae7ad932ef72e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a9194721ca15d5d9eb415cdc443a29e9

SHA1
6ed984f4566bee5df26c51e3c21248d555937052

SHA256
846c9fe7fb93f17b227c62544b71e17a43a0750322a1cc888213e768edb5c2d7

SHA512
1d1dab95753b736915f203449d4d5fa398c3f908de2777b03c354476e862666876741ff3d864e4e576f9d7758519542b1c173af1b4cac20e429417a1feefd2ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7151d314047a7b1c47409900eff09246

SHA1
c0ab46bb50899ac0bb465d9d6e1837038bce09fc

SHA256
df9fcec5a6d6453653d10b902f5945d0f81aa2317103f410aa12ad4622c9021d

SHA512
9d343bfa0a31384cb02102b614bfc73e6517856896d52ba1f9667a49183606ec728c6f92ebcd02689e4bcf0636948ca2c786e7ef7d692262f61a2ee7e6ada70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0e08a66fb29709aa9e550d55407eb62f

SHA1
655907752452cbd6ba3b189efee9760805ca3258

SHA256
36cc0520696105b086f2702fa4ade0d2230d87a37065476fb2bb88ab67dde397

SHA512
851760696b85f33b3d9ac9cc6a0c8f7803e711eaf21645df9c614396e3e05c01bdf9018996b62aa189927041c2499ec3fe1daa7df445f889a3746b0d0b4dc311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d6832196d89b52222bdeeb58012644c2

SHA1
753a161a0170617c68bd049564ce929f7562a9c6

SHA256
f86daa7aafbb8a32c892bd06cabf127dd6b5269b5f67f577302a77df259cb7c1

SHA512
731c9f052099ba2b987d9216396346dbbe1dd484a5e0bd8c5f9f36bb3f7c42e59d7806ea2c7afaf0fa385b087a004a7baf43d705029d24e5252f06026f4a560c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
953b3e557cad4a3a76b508741e8534c5

SHA1
59f30ffac03902702325114c1f6db6119fe35e22

SHA256
b8a7d090675396b4633b2d1b15c8062e931392051d521242b0fa4d08a979d5e3

SHA512
948a4393ecc2d3776f1b5c1c1e5978f567fdf4c7a2d4b7abf3d0c92978f013f8443e1baf330ee3f974989f042f5b97706e09d08aa9a3aaf99863ec0f9e0dc4c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8815fb1c67b10faaf02a067cedb2a792

SHA1
ab5413d2e9c222a9ef499a6105be383e10a5bc9f

SHA256
2e6c7e670369dcda49e37326c46974db80769a6c21f4fc29b7f988163ebac8da

SHA512
55c52bed01a408eaab2bffde2166463a8cc65c011ede68ced41f0ab5f4266005fb68b096686d2c9f8afec90e31cbc428ad035b85dc19eee1915c32d558b0b12d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2018e674990d6482df67c5ad22eeaae6

SHA1
52658b55d5cdeae4af796aec293a4931c3fd8903

SHA256
8c2777b0c60da557b4649aa77571f472c7090675303c964ab62036aa021f7b12

SHA512
42b1a148c082d50030c5d81ec8c054bca131a73a76ef193f6e3e68159d8ccc60e6c0ad817c43d7039477f59984bae14a9073749d58ea312601613008e2cac88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
202fa176090d025c4ae8ee15d28ec1ce

SHA1
9a91f0674db982ceca006e2de7847cd8305880fa

SHA256
328cdad55780f42b8939135eb84a9bd0129b3c0cae053ae75068437b05eb12c0

SHA512
edd0223909a9e91474632ab3104515cf3255deb659f86d166dbfe00f81d2ea4f007ee1d9605fdc3dcbbef0e6e6d1936900a9f5ef6dc9339d25d29807f87a64a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0058d1793d30bd700d42998f41edb7d2

SHA1
7b8c9fd20eb364d3653bd158b110d1f6b8e3e008

SHA256
aa271916c6b7daabc6de99e767b4cbb73c915182c62e194ff68ae1737e7f6eb6

SHA512
3b57d32c5f1a1578837a517db5db5885ab1b094f16a10de3fb18aee3c47cc902455ae6daad5f5cb23e62aca83d0cad91399ae2231ee41e4c5fd919bcd7034d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
25ba00795c1210d4cb45942bf1e019c7

SHA1
ea54f43d0fff82cf7308e93f3dbd9ab9f32e4bec

SHA256
4edd668c6f28d4b803c3012257ac6ee36f87ebc0f61286e00b14eb8662379d6e

SHA512
a4f6d3c787213dd6480e07b2783df60cf7b0588db34af8f5bd0457cdc042bc07d67b5ffbfaf50b4ec77008eb71d64f8733a0376bfb5d91c4b315b99a44eddf03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a4c5f17be963991a484d8b06492da60

SHA1
a5fb6fd781917d0b19e94665bb2580227055792a

SHA256
f33b1166ffd835b303d376d881bb70bbefc09ce32305facc086e4112b98ae00f

SHA512
5ac13b142d218f224e96dc363c986372a2e52e8429a670f28dfbd8b0277009b77d875a08c23867d654140a1cd6178f47531d088daa1502803f88238a123f7bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b6f66a05792f6547a31cb5351d831c8a

SHA1
c80f36f229bd28e10d57b3c929dafd9e50132fa9

SHA256
2e17a330d74bd188f2779d599ca0d9c2317627dc92cf6475d355ce84b81e1bc2

SHA512
dbc7e5045ea13c7b576fc785800d0a81c7fd2ba578987da1b159ca10895ebafff3314a0e6563b648f0f8b2fa59df31023b3fb97292fec1c8dca3b6166f7939cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
22179d373576676edc246cf19d51c32f

SHA1
1a7549622e668babd430b798f9a3f201f3a10c0d

SHA256
f644f7c66fc235ef02544f440d51a66e6af120961c6f7cd5576957c76066de76

SHA512
84e855d6c1ca1afb4fbf2b7dd6433ce76c3806399f3a680ac52b2929c6323bb711ad992f0df8777b7eb7dfb1f866f0f1993c91c27ae2bdf38a183870cf4d4015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
eabd97005fee9a6fd6f04f9c16c41577

SHA1
ff4c71f7177395426dd71b3bcc8c840cb06fac6c

SHA256
6297cf3b9af12dc52a2303cbcccff82622ef68fdd7ba1c9dacbe343fa4481491

SHA512
0413dc9aa27e6e7243de41822ee88c1b4239da9094c2674b230404623c97e74997d7c08b5931e0a8dfe7b8c0e954145d2c54d2590dbbe003ae93f1894a918a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0c061ed03354a7afe9c9ae1202466aa7

SHA1
cf8630ae1c5db981c1d843dd3fdd6bf6c16e5250

SHA256
8997794211bb399e9b1a4125b82a980d832bffa04ac26238ddaf29ca153e1af5

SHA512
e258b263bd25110f7c1a57a3a036a3a3d4791df1c914c3bfa8f7860ea0216d8af9ecd223fc952fd444a25ba5b4743d58d75fc5d9c9646fe7db2c5f057e7a092b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
aa5389066c93cac3f002997a0edab8fe

SHA1
5d8c709319c76af236d75a7db6fb758c88757912

SHA256
e36ad6a7e4426601558f990a95cb8319e78ddba69629131005d2764461296430

SHA512
d545b5750eb73bf387e0c0a722466fe390c688d4215c3a98bb206e9c0cfdb7974164c3d225c95723ae2e41ba8b3756b8681637adddc30da74808a908470fd115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fb39c59c090f05c75f1ba44034773001

SHA1
6fb56f1f419ec1d9f1cb442dbeb85a62d0a5a920

SHA256
b41dbd92de0992f007389c1492667830734ae69b802ebde3c77191710b37c01e

SHA512
c47dffe56caa760d75dba4bf4c5ec1585bf1e4f0604aa9f8385a65a3f2b2f6b6477b93ca19ac0c76ee6ca3d73d4f4353c3112df37c2579abf8ac584dbcfabc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b6e42d1bbfa42891de5984627a6e3a1e

SHA1
95dc751e6328b7ac219b2d305266fc48d34c883f

SHA256
f093013cb1bb3bcc3c66c148f6c2f4ce52140865c501a5ee325d4d5fd4481704

SHA512
537538d0f835a734280a70614fa758548bf3a969aeea6f6a5f457b287f282aed962d836be2c8c8ad017b97ffbc6dc8fb64c49dc726078e819c4ed70081e0c537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6377577a94bf1f86acaa73aa08ceef20

SHA1
fe9dbb6799396cfb6bb06ce01e930ba3c2e486c1

SHA256
c23a0af743bddef5946eb8a373557f15ae01c1b3d64a2c77e1bff13c6b897806

SHA512
fc6d955c63404a95b97bd99c769e0a959a8651b04627a6aa437c79b137c91602585915d9680817a1c5bcfa137aa6bd2221a8c04ef406605915c140954e634855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587615.TMP

Filesize
708B

MD5
b28a5aab7f1b87655223a43be08867a2

SHA1
ccb6b7b93d5b5180d14a898630d4a21227bdca4a

SHA256
0c74d61886581e31a86336e0d5857209178967384919fec5b2008c99f866e4bc

SHA512
94423279adb1358494f2310eb25453732199323e7e4bf7e382e74f9a7bdbace855350b83fcdbe60f9efa17591270f2dbd8675bd11ed69f38280d23d661de261d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
72b260e2da8881fec65ddf6c1bc73be4

SHA1
1fadc4cc528ac724d33b6c891b495e2bc66285c2

SHA256
1eefb35647ca3ad9211158df3627d563616a3ff9902a90c99512b688dcf608ab

SHA512
655676f02ab6e2abd40735070aedc708ba2cd296f4fb0afe1132185d9be81d10daa06ac9d45ebafe1e05e3d6def37a61319227bb13dededbbc3851001c7cf7f9

Download Submit