hxxps://www[.]mimecast[.]com/

Analysis

max time kernel
962s
max time network
979s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2023 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mimecast.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
2856	msedge.exe
2856	msedge.exe
4708	identity_helper.exe
4708	identity_helper.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5852	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 3412	2856	msedge.exe	48
PID 2856 wrote to memory of 3412	2856	msedge.exe	48
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 216	2856	msedge.exe	85
PID 2856 wrote to memory of 1088	2856	msedge.exe	84
PID 2856 wrote to memory of 1088	2856	msedge.exe	84
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86
PID 2856 wrote to memory of 320	2856	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mimecast.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2c0846f8,0x7ffc2c084708,0x7ffc2c084718
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1153368678420568585,13021085791302811531,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1428

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
9bc8d5e0cbdf1100a63fcac718a31bef

SHA1
5829ba74ad23e1affbc5fe3f304b3cd99278f730

SHA256
470d7c7afbedebae0e261728dffa607c81d762d8cf3313cc5a1bb96c54913068

SHA512
be794c1e48d70e21b97f5f80710d3c1af705b0407e508837cb522459fb0d739de06aa42f96319ed8103a9927d6fcc1262f02257a050a123625bae737370018d8

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
8301a1f77cdfe1bbfdef4d10b689bd47

SHA1
aed5ea595cc554ec89a103dad66f82b78b41b14c

SHA256
845c6a4403675e8116c84eb7f9967a7e66b41f9d4b8928913c233f6059f95f9d

SHA512
8c6c6bf51b68077985589c79acc543ddee52a620897152d96b00bb4d57aea122aee0141dcd4e88257a1a5156be7040d30e41c91b26a18457c044397955cb529a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
591a48584ba4f404edbc48e7ef296340

SHA1
6f45384203140320c6398d8bb60e87dd0cafa80a

SHA256
aaaf698c40f61b2363cadb0565b3d670093acc35622586e2f8ec039ccc7a0aef

SHA512
7a6d30b543814df71564379355e28a6376069ebc1a5a3b8e947849443ddcc193454aa32123c00973a2b8ea8cf0b211ac9767da97a6fcc1eed776b1a07e21d2bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a67d7e4e1e2e96c433ee749379f4e692

SHA1
3fbc2cdac3efbabac2f2b7b4f1510bfdeee3ec7a

SHA256
75b0d9e70819cf9253bdd78a83fa8bb7da9381085a7934e6ec12ad0f8153ad8d

SHA512
a6cd8d580d26b44e3412e731219a1b0e2df744bbfa3709bd76bb72a02592cf421de69a2bbecfd3e6d71d6dda4c5aa9940b5f02b1473d80ee0634bfaa0a8ee852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92af86d15f2ff548f17bb98600d5b659

SHA1
e36ddce58bf12977a47e794feccd084366bc9b6a

SHA256
86e9509439a2ac56cb5dffec6375a200836bbd2e2064d86275da52e8e64687a6

SHA512
70447fd8a2d53965673cb1920576a1ce3e64b783f133aae352bb4ac34ad544a84f20949c3407b7774f55136f72781fc0c10e20a5941aa318c022bf76e9f2858f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
363d02458e0956d03ea1f1662075c007

SHA1
3e319b1cffdb849464261fe0345ae17394d15fd2

SHA256
91b47e6e0f48645714f62db4e25ee5f80147bb422019c699d49bba5b4f8036c8

SHA512
c6b8261237551712c43bed30ddd71bcb2a5817326b398cab52c7321ac193a69e4c3a2159cea282430ded1f0980f75f6bedf203277c6dbb11501629d984a585b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b91b52be8c376251e38dcb8f672c7b9

SHA1
1d6b8e74dcb618cca8736461fb5ff3a062c6cbc7

SHA256
5ef17d6d7f6b96b893cfdabeb8d6ae51077651beaac2eeb869437406ee4cb339

SHA512
30605f8aef4213a6220f44267983c2cc7f0169d4c545a828646ca720e46157a8d6d14f9c1a406c80ef65d6dd24c9783a01e16eb92a06d40e5bf8e58130bba4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7934e641624e9a78566d7c9254f84f5

SHA1
711dc9361df8bbaf87e12607897abfcb1d7cbd22

SHA256
340ff9c1d223484250df4a1b1d7f4537b79e296de7a5418d575995771abef913

SHA512
0705698465d0319705cb4ce9dd88f00aec22684cf991893dbda48c0b266be86282b257175e09838f14371b0bedf09083dcb980bb180d08bfc218b87bc09b555d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b98709aadb8ac2bc2a91ecafea774b6

SHA1
cdd353432c69b1256db2241bae03cafc7a1580e9

SHA256
9a1003930b55df750d51b973352b8e6f67f139757656aae1795dd257fbcef43c

SHA512
81eaf7e589d860d522ee3dd15fb07fdd435bb36af8c739a887e77a3568bae01ba56135bd165ea4a12f7609105c4d483b9e542e39edf71f10cbec89d8c056b693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c37f0b69ac29b14fb843fabba177a44

SHA1
8e54bc4d9ac9d2cc9767aca384344bc96e38b96e

SHA256
2b45d5288f5503d2325440db9f65e9bcc16d3a6a59c450762af302256b82b3cb

SHA512
36598374a527f6461906e769475abea7f3e3f76adb627b39197eb817322c37242225e785d4418ab028e6674d73c64a2607ea8ee9cce03eca457aefb8f90c508e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b2fdf77b71a872d53a35fbc787d1fee

SHA1
0297a130a970643999d984f66f54e914f437901c

SHA256
1015983c650d87e7cbf14e48cd1525ac0faa24908f2b90363d3c3549b798475e

SHA512
0c069f75fd65288cdca219804dbce28c1e3446ba87f9afb10d999e9eb580dda590f09d7fcc266d071186648939cf247720e9fd68e3ce48ed863d08bbedbd8354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bbce.TMP

Filesize
1KB

MD5
76f98994a8ef0845dd496c0c06469ee3

SHA1
99bc9881c0253474889b997175bb77694f61587a

SHA256
c05e2055ff7822bd1b645ca4cd2c6b2f531dbba3b2c296ba6d6f19b72f42e30a

SHA512
fecb45567ea80390e26224355012eeb22290aeaa606abfa3ac96640c4e103b79a6f301a8a49d807490384547a4239477020d31623afcb2ecded4b1af086b3db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
408fd30d78c36e4cfebeea2dd83e7226

SHA1
5837e08b7f28cc388ea92aaaa1685ddd32635f47

SHA256
7013482e37c6db79e4a5a35b1e537e2260b32879a72e2490845118746fa029b8

SHA512
4408dc9db9c31a22f7156a04d369bb89fe62fc758973668a144782f16197c4ea10a9224755cfe3dce12599de7f80c4835203b56ad25b7fd31211ec2e899f5881

Download Submit
memory/5852-273-0x000002642C990000-0x000002642C991000-memory.dmp

Filesize
4KB

Download
memory/5852-283-0x000002642C5C0000-0x000002642C5C1000-memory.dmp

Filesize
4KB

Download
memory/5852-271-0x000002642C990000-0x000002642C991000-memory.dmp

Filesize
4KB

Download
memory/5852-274-0x000002642C990000-0x000002642C991000-memory.dmp

Filesize
4KB

Download
memory/5852-275-0x000002642C990000-0x000002642C991000-memory.dmp

Filesize
4KB

Download
memory/5852-276-0x000002642C990000-0x000002642C991000-memory.dmp

Filesize
4KB

Download
memory/5852-277-0x000002642C990000-0x000002642C991000-memory.dmp

Filesize
4KB

Download
memory/5852-278-0x000002642C990000-0x000002642C991000-memory.dmp

Filesize
4KB

Download
memory/5852-279-0x000002642C990000-0x000002642C991000-memory.dmp

Filesize
4KB

Download
memory/5852-280-0x000002642C5C0000-0x000002642C5C1000-memory.dmp

Filesize
4KB

Download
memory/5852-281-0x000002642C5B0000-0x000002642C5B1000-memory.dmp

Filesize
4KB

Download
memory/5852-272-0x000002642C990000-0x000002642C991000-memory.dmp

Filesize
4KB

Download
memory/5852-286-0x000002642C5B0000-0x000002642C5B1000-memory.dmp

Filesize
4KB

Download
memory/5852-289-0x000002642C4F0000-0x000002642C4F1000-memory.dmp

Filesize
4KB

Download
memory/5852-270-0x000002642C990000-0x000002642C991000-memory.dmp

Filesize
4KB

Download
memory/5852-301-0x000002642C6F0000-0x000002642C6F1000-memory.dmp

Filesize
4KB

Download
memory/5852-303-0x000002642C700000-0x000002642C701000-memory.dmp

Filesize
4KB

Download
memory/5852-304-0x000002642C700000-0x000002642C701000-memory.dmp

Filesize
4KB

Download
memory/5852-305-0x000002642C810000-0x000002642C811000-memory.dmp

Filesize
4KB

Download
memory/5852-269-0x000002642C970000-0x000002642C971000-memory.dmp

Filesize
4KB

Download
memory/5852-253-0x0000026424380000-0x0000026424390000-memory.dmp

Filesize
64KB

Download
memory/5852-237-0x0000026424280000-0x0000026424290000-memory.dmp

Filesize
64KB

Download