hxxps://d15k2d11r6t6rl[.]cloudfront[.]net/public/users/Integrators/669d5713-9b6a-46bb-bd7e-c542cff6dd6a/60154b197d654466a40480a2b908d3b7/Vector[.]png

max time kernel
1184s
max time network
1202s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://d15k2d11r6t6rl.cloudfront.net/public/users/Integrators/669d5713-9b6a-46bb-bd7e-c542cff6dd6a/60154b197d654466a40480a2b908d3b7/Vector.png

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1574508946-349927670-1185736483-1000\{94320232-1856-4308-857F-2B1E4D5D85F0}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
4516	msedge.exe
4516	msedge.exe
3652	msedge.exe
3652	msedge.exe
4684	identity_helper.exe
4684	identity_helper.exe
492	msedge.exe
492	msedge.exe
4780	msedge.exe
4780	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSystemtimePrivilege	1296	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	1296	SystemSettingsAdminFlows.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1296	SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 4776	4516	msedge.exe	91
PID 4516 wrote to memory of 4776	4516	msedge.exe	91
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 976	4516	msedge.exe	93
PID 4516 wrote to memory of 3548	4516	msedge.exe	92
PID 4516 wrote to memory of 3548	4516	msedge.exe	92
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94
PID 4516 wrote to memory of 4216	4516	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d15k2d11r6t6rl.cloudfront.net/public/users/Integrators/669d5713-9b6a-46bb-bd7e-c542cff6dd6a/60154b197d654466a40480a2b908d3b7/Vector.png
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdc82146f8,0x7ffdc8214708,0x7ffdc8214718
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6456 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:5728
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" ms-settings:dateandtime
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6971898835873981064,17794427930572262269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17496082284844187276,11061443262624394563,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
1⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17496082284844187276,11061443262624394563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:380

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5924

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetInternetTime 1
1⤵
PID:5396

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d8f4eadb68a3e3d1bf2fa3006af5510

SHA1
d5d8239ec8a3bf5dadf52360350251d90d9e0142

SHA256
85a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c

SHA512
554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\32a2f781-9dcc-4c8b-82d6-f52889927aa7.tmp

Filesize
6KB

MD5
8172e6f34140d619a42f1f9c39226669

SHA1
df5e0411309593dd2ca903e26015151025f42a38

SHA256
c49c35a8cac317d84119606031b1475839b1e42538b608c71ab184b4af11b1d4

SHA512
1c37b108493647bb470e6f1e18d1a4ff0e4ebb1264bda4a0b9120485c31d31b3eabfa561faf78fdf05a0a9efedb73d5a30535e97b5c528dd692de84d6eeb9faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3c17b633-42cd-4540-98a4-938b279ef886.tmp

Filesize
5KB

MD5
37856439a9e24dbeb1456ea01d92f877

SHA1
cf29585053a65190dee3c34c3dd2edfb13b8d0da

SHA256
874cb9fbf4bf135a0d7d549ef1becad742cc4428816eea703d63c48cbf8eb099

SHA512
f9d290c8b1cf4ad1a3c5e1c2dbe7f7bc8081feee60a248bf50a3e50031ba4fa1d952e983244efa86057a2b488c8b20d3ea76f949c19091e52a80ac058f472f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
cfb0fc4f681902ccf197da4f130c127b

SHA1
2c00cfb2639d54c927737fd7f9c864011b7e9d6b

SHA256
3e9ec45fc8df79827e377b725550889c5148af1b02e08151c8872f878527c25e

SHA512
23c770acb43d11942e103d4ef2b7c14013d0417c58be59293cb57f37c898c06368d0a9c922d4b92f31cc0e00fbb6c45a39c79883cf67b0033a5f40941311bd98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
d94e0e0a05b178d5f668021e14c7a1d9

SHA1
d28e00ff7663ba19bc80a379643ef1cb20b4d2a6

SHA256
ce471ce8016410f68616f0b1f122fc43f2dbaa7fd747877fe19955f492c630e2

SHA512
aa62a9b26850343db5b05ba623b1db75281ffefd7d5b168fd1a4a85c28655b1f3f900edfab3ac57ee7c4ace83769265c9a44d7b19b1b0e9c7fd3e11dc6267831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
972KB

MD5
f0ba3451becbdfe1abb7f1b3d5e2fee5

SHA1
327f497d89616645a5df9a64f4be1d3cc6752b1b

SHA256
3fb6fb9e370ab9d7b17546490f7e8799f7e71b78925e4efc0b343b85554c8f7c

SHA512
bfbdd9413141fe135994c9c818f5cd64faca8d953b6a051b7773dbc4a36b8f7a69c13cab5d19dc7d38986eb259b461adad249a2f97e28b807e1d5d7886b273c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
27KB

MD5
f8c88dc9ec6e899bb2182a75a7fed1bb

SHA1
78a1b21c6818e4b759f58fe134074e743916f4ee

SHA256
82dfdf9171f9ef07953d6cd22df65511882383fcd131818fc37aaeac2a6f8276

SHA512
5d5293bd102b96de91fc3fea3484098002422c501cfa7b872986ad3177df4894a954aa7057ab0a05ede0ebe8a2b0558257618e97e7d44150adb62d0712ba163a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
27KB

MD5
3b1a20b00aab9a802a2e33c07c2f795c

SHA1
f9902217457e670735dcd126801596738a4b71d8

SHA256
0c6457d14c00dbf2d87b462483ca8f12cf6bd86213352ae130279e60543bee05

SHA512
aa12c038505986eb8989dce1713568c4ebc5ed401e23dea1b51aa0f50f4f963549c558ae2dc044dbf887877bd0110d9288c286b1a8e33a1d1b03ac6305932fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
4d16b80f9c44fdd6a333eacc1aaa9b24

SHA1
7caf7fa5227e8010b39f3de37ab5400704a6eca5

SHA256
a08514387499e3b3f157780599e03c4d70d2c9d1f1ca5d544697045607f88b19

SHA512
a72936b1bf0d87a6427fe05eb125d50a52fccaa4788c2a6864ebf4d54a2b4ae8f0c09f113ecf710b94864386a0c3d471670ace9fc767469dce9f3e6a470fb416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
86a4da580b8c63f0c102be3c06500c0d

SHA1
98571bbf5a5e38abf1f89a12c0abfad6e5c6e425

SHA256
3db20c2c43c093fa971e3ba283af0b7db40f4403db224404678a5d887fc2878e

SHA512
8d1c990b6713856b90476c31f4d0518b0e8969704479ac397b054774ef007e1e2ff9aea3ebc41eacc6863929e0492b6a94a4c326c3b583e0a8d7c347ee11cd5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3d9ff865619aa157684ccea3c801d542

SHA1
abe79afc204083e855df7b2908f79bd4d0f3a39e

SHA256
168eabd24ab12ef2249c5feab3dd7e172c0b25f23df2c4aef4ad668e0616ce6c

SHA512
34ab760fe3b9c9033d70a10372d6330f3d8ef2493c560f9b8a146569d2099e76fc23815a24976e5eaf2471d728f87b4fd6314fdc120c3a87cbb7c0bc5d4b9205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
03d5fb17b3a7a6736a5f20cd5dd92449

SHA1
0bfe89f515f329f863cdb52e1dffe6652339e7d0

SHA256
c26daf5b92904e5ee583dbaf95e8f32076d2ce71567a1db93a9e49493cacc01e

SHA512
7c15f098b6992ada3278632ca3a4e0390cf0f36a902a734c07617bb01378c7f27ba19b69025bb75c8015ec25308158527743f6889997ad3d5a378fe7fb320e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
485B

MD5
aa688b039cbe36ae8adfdfc1db4becbb

SHA1
d5c97c22f6e049618ed9bcc5f3a9b55f501da6f2

SHA256
10f0aae5bd9935a4dde9147c8d07322aa03a9b8801eaf81007026008f39e446c

SHA512
c268d4042fddee8ce8a214b3c41e9190a551241908fa0aa14f43332659fbde2ab5313db85e317f1dcadc52f60ffeb2594ec3bb6067d30308359f994007b7eb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e26e8939b8e345193a3f96c45d92b768

SHA1
12d4e811e49ab4cc54959a8b609f5d5e598f46bf

SHA256
c971c4ffb7536e438be6eb1eacbc79a523f2ab7e20a87557ebccedfd9d38333b

SHA512
ec5b98c0a5ea05632ada3a02606c4fa45714f4dbf3eaabd7c0ae9ccee7185d43e804f7ac18affda68db89209548cf7204226043d720af387881fa2490065ae97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
203c47ad0b1821304a5836a43802e2f9

SHA1
6681c9587ec539569fe19769988c12116ffb7f14

SHA256
596f527f4e8b3974cae3dc68e1e845b8c2982a5863bb1e674814ff2b57b3b738

SHA512
6cd3204a6f215ceaf339da2e6aa2b049e3a97767428ae61aaa5e6f9f78c4832c5e0f20af6ff46fce4d0d3cf2db0653fb7c29f1782ed895519b68c79e3d0e9a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4afc9a2314b41728fea406582972d8f3

SHA1
e50cec00e8f606f7026f0064558aa5b8c40955c3

SHA256
5305a6aaed4324c99af2c5b784512e46583db0c4413a56c187c0c54c3c976a48

SHA512
9c89f8f9bc380846b4b178067d1de489ba5e33fab0aa4a708b59314447a51a73f3877224464e490df058f7c6b2f5a7d46af1c8e5562c8e4fb9824e209d6d8bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e05760a0eb3815352f87f0de87c3c2a

SHA1
5dbdb3eccc05d63daf20f8c7911004c96ac2893e

SHA256
5e53aa7ddabb37ca37cd4bb68c6eff2b9de211c48520d53bc0ea6f23d45b83b6

SHA512
1f373223bde27fa278d5c7a89e1219d47ae190aa1d6d71998e91098d6df11ceb31dcc97f4d08ad5c50118520cdb8ee0c8f9e60d76215b5d3ecc21c66e2dbfbe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59c7247f77742e31ce09c22cbff31a38

SHA1
725a56ad56728c3fd8dab759fec640be6fd1bafc

SHA256
95e8ef9c6879e34b90b1d48b4d79605f4800dfbd06b0ac870dc6e3eff95fcb7e

SHA512
1d5b422083d88bb751ed68ef30a7993205f0ee1ff2858542b9cafbd5341be988153acff9df94b6f245118de4ccbf8ea7e4351a6dfb4a6dfc4dc807bcb5657b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92bad9008fc189770d1adc064cc16283

SHA1
eeca1c80ee30bc132aa1bd084f423916009b9897

SHA256
6a0a28e95779df390f78bb9152fa4a0ae4a4172a613663e82a43e7a9f1010caf

SHA512
044c3bf68055f066ab047627534fc61ec1cf2bd27222dd0d15cadf2add44808087d03437960c6d3f85d2b38e448cf1b8fc3be6d95361e0dc9c952e8888b4bf1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
61fa26b0c407eb91b446684744f5b3ee

SHA1
0845ac93dbca41b41ad7c7559c9d42524183176d

SHA256
efaee89fce391a80eab16aa56677a8dddd8396a8862bd2b69751045cc080ac68

SHA512
cf3762e81362cb5ea6ca42a20fe9716d08f05e1a74061d025a982b4b34dc3cdb6f9cdd836992b137f008406e6865fc96aec93f041900c42f41975f21ff689aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6a8d2dddce5878af2232e0884ce40e4f

SHA1
28f5e023de101d8a93e663ad8b9758381a44f6d8

SHA256
ea0b72608b092ae6e82f28b3fe83d1704492ba7e995d706577524f56e4fbe8d9

SHA512
d9dd661a0489e9da75f6248f710f35662c9210d3ba6b68eb10ccd4e0c10c23082d4cd42934ffab395ab2af2256cd8bd76c203a9df2e624e18d65568835fd3b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5c0116b7e8ce6eba81b9f554819b9747

SHA1
e0a37e6694068415f6e2a8ea131a844f2bb933dd

SHA256
bfd36ad129e6b6bdc57d06edfcf3fbe83cc82b62930e19f69f52343f782a7d64

SHA512
4a71fac6adc11fec3881e5fb002be22dc3d22a5e8b87569f8f5adf7577f234b53869521ee512b678b5962c3747c1378cf024c3442ec8e7f542e4f167f8de5701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2b91010f0e9b2ad8a69e58d4a67013db

SHA1
ed1893cf4b6a6170e38db64becaa2ec9c7beb832

SHA256
0c09e0386defc7f1cf883438ff009d7fead897dfed9bf842a6d4ea0e2ab6fb04

SHA512
5295675bcfb7a101adc8fea08be42c13fe63ae02eb7e89cd468df3571e8b12a38bca9d58c337ffd9246eeeb28a35f310079f1311e478701aff5089f50c61e383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c66af9623d229a555ba8af64e690efd

SHA1
e713f7f78b3f45b1083dfc7a60d5915ac9c9a40e

SHA256
454aaf8b4dbc1c8aeb9137ab0e6e00a38ed665b0763dfa9b9e57f83f902b4665

SHA512
2fa9c4bd430c9da4cd5632ea3f47da8601c6bef1668ab9d8bb2b276d33b6e8790e195a6ae203bb16d06372447bfd7da657c2fa0fd3f63235ae869c0c8a6ea10e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d985875547ce8936a14b00d1e571365f

SHA1
040d8e5bd318357941fca03b49f66a1470824cb3

SHA256
8455a012296a7f4b10ade39e1300cda1b04fd0fc1832ffc043e66f48c6aecfbf

SHA512
ca31d3d6c44d52a1f817731da2e7ac98402cd19eeb4b48906950a2f22f961c8b1f665c3eaa62bf73cd44eb94ea377f7e2ceff9ef682a543771344dab9dbf5a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
0dfec5a5c9d81d70a44d692045242fe0

SHA1
92adbc09972498808d6910203ecadddbe509a4cd

SHA256
3067a9365891a77b1c338c48b84aa7983d9f07c51b1af18f3d733d609be6d576

SHA512
998162f7e93547595facd90f22fbb7044adef8a81d2aae49ded1c417b5ff15da37c9175c177bbf748c097fbf89e216e5da7fe620db418e18093a1749de0da4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
010afd8019d1a8e3f0a3b3087e7ce39d

SHA1
ecc169d82ca2b0e5e3430bb30d82231b6af1de17

SHA256
7aedfe7a6f32daa8784d0b0cd8d2d54e2f4b93494bf4fdc7daaadeeacb32d973

SHA512
099204fe5f9b8c1d2c7c57ea7fb6db6ad83d037e12f24d75479b132528608f9c036c6d42d1145df062ece9663a163ea7ad478c776d96f43332182b449f64cb5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae8d4ba5c91eddc968787ed1086895e1

SHA1
3bb6fd77b51eaf8737bf905494098b549e3b8f69

SHA256
5c1874e2345245ce661ca09886226b5aef391a99a5cbe9374dbdb6c2a4c91838

SHA512
4376965d36490b348bfd0d75bd83344988508bf0cd7232f17ffba51f1fb97c7d9e66c62c4e81d82408a86d9e9d890d7d233798c1b086ccba71b95bd5ac054fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f1b8c3d278f9f62b1abab2bb60ddf6e

SHA1
b1dfbac4dce8e44b23cf2d2f34cb77a07ba5de5b

SHA256
8989245fa81625e1da1631508bc30816da51bd566205d0e2476a1e7c8c720364

SHA512
bd10fcca4cfaf1a62c696410718aa0f65ccf51b02aa0d26c4a9dc075331281bd0f7ddfb0a210361d6275590c977b5f22226e2ea145e7ef1ee6aa8ebde0be3aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8165d0faaca6c73c3bc72124485afd6d

SHA1
8e8ac0a75cd8e16b370f3870d6d0f9b329d911a2

SHA256
431f0b506188194fe0ba2e60385f5133db66cc6a077b6b6a4ee00d038c298ee0

SHA512
3345881f81fdb7c3a889a7a90afc1082ac32cea8a23ddcc4cfdf5a1dc985679028bf4369a674702e9d8674ab2c4a2ff0b0cebe167b9e88f7df2a6ffb9a1997a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9f62a05c7878e760bfd2c0860c4d0d87

SHA1
aeefde38c4585708983bc6b231792bef82d080ab

SHA256
7d34b8ccc7f2a1bb21aa84d2a36ba5e1750826a66e4853e85349cbe9b5376e3e

SHA512
64e3d3e430c06a153ba544d5c2ebc3569a75cb9bcb7386dac5db679be084eb6f048a5d5c8472291d3dc7b8f9582f7372ab30f05234eb99aa8f2cbe38144553db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0bc5a29c6e0676776f0f25aef232a4b1

SHA1
3aaf6cd36962cb667ad5c19628cbe9147b0ce349

SHA256
89bb76dd71ba64a1f99182a11cc055802c7c230937f6fc348ea6d09d0c72ccde

SHA512
6ac79f285d9bf04f26b0811a0cd7dc4de6ecbdc3b1ddd401852ea345ef549595431cab913eedb0eb9d7e6fc01ebc6b11609251bb518ca3ccdc3f8151fe90dfd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f48e4f4b6b2c05815c4b88d8129257e4

SHA1
c8f42333d676aac83a989322ab7314ec5d17d5db

SHA256
07a13caab135bf6f32b3d0042ce1c047ba1fca49586dbc013ffe59f470184248

SHA512
e073c3aeefe334c3bf119624a332bd865265b6af77ffb787ec9300c53d2bece57f34cf7310fdbf14f21d1134e80d0cbba5747fac97616b83ff4a3b3e3ad1e311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7bb4a8e74cca10690620c0e3a8f79c62

SHA1
675194a924ccc82f9c301f39df1a409416a09b9f

SHA256
ee13017ee5b07d5efb898c29afaf94c0b60319f3bf23d2cb44ef5a695e44c30a

SHA512
4ab7340175cab09b04cf6efbb84c271e22beccc1b944f4a9107647e910b05efe57f0b1b9ff0f21a482e58b0e43a90b2667d2a419ef2701640ad499fc0015ee39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6a1bde6a568f8136bd4a3a28e717b6dd

SHA1
9a3f2587d42098b7019f7b98a1b5449217f4c79c

SHA256
e5d14ebf08cf814cc49fadb7fbf7adf21b230b8cbe7daaa9fd0c3d0bf9169c8c

SHA512
d8936454f6b2ae9acedebcd10d9949f6d99613af0620c3848449272ccb09b7293ad29e15ab1ce7d570c7e692f5f71cd70505c135831b4746d1278cd7ededdbea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
296dd144b5fda09ad6619e3959486226

SHA1
99f61c921db4090e38f36e70168a328789dd27e2

SHA256
764dd336866f1df2bec4e97b55230d8e9ffac4e6b32268b5bc8912246d9def91

SHA512
b68f35c0dce537463cb2f7262e1ed5b750577eefd4017cef715bd4fd0de38b4635573ec704a6e40f8bdba6d9917c2f846cb487f54c20047eb2021aaee4df488e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d9e6b8ac8d7145a248b502e7f1afb0df

SHA1
97d2f38423638242d24c910cad4662ebf6761b78

SHA256
2c8e5a464c189dc4946f3bf85453eab1ccfff61718fb4a57da01aa8bf8473fbb

SHA512
4110db6e45fa12952d44e82a82c2b7597e36c3460cef775906a71fd8fbac5a5cbe94f2122270f3701161867103cdaefd5ce560fb96c92821582aa7f938f5c4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84f260d1ae546baf49b8da330c9ca321

SHA1
6ff87dbb1c502d82deecc4a052bf42bcba1cfaf7

SHA256
9c2f63c143b877b88547b9fee3ec6e1864268d9a955ec9a738d249cbc54f41f8

SHA512
83b529f807d261f1d435b12af17192baacf6d3655cd6023ef791c0bd996e245c8ab479de22c17fdbec55c4fefcce484cc3a2daa273ef37437410c592c25a228c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9ca1c611461338a8692e02150919f564

SHA1
bfd1a05b24b91330edd86437eca6e542a2644cd9

SHA256
93f8b9045ab91a85dedae6dfaf54fd0b24ea34f3feb5de288c65d84391f023c6

SHA512
b8afe59758fc4bb18cf1269859f3f3ad78121c7589599bd886991bc1ce8ccc68cff30606a92ad164762a77f2c32f6d09e7d1cee3395b91d2dbe41ec12f112f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4bca4ef01e4959d09079e8b5fa543b40

SHA1
97a1bd0b09d041a7c7163ad15ac7f69c800cac7b

SHA256
c23e92c1340e85fac2ef90d407bd2e1f4dd25498a014ec4110c2b59e61d0147b

SHA512
637027775adeb1f4281495640cca88afc8adc49fa8b4282e36e8aa96d2cec059d94943d328cf2936ceb7583747eb5cff468276572d919fdffe350befdad38eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5910de.TMP

Filesize
538B

MD5
e086aa3a49b234f8cc1e9943db224cd6

SHA1
636bf1a975fa904cea6fe88d9b21c3d60dfd545a

SHA256
aef06bcc0bf5ee7a2d93c8b09cd627421bf3b5deba0328345f17106d2f0051fa

SHA512
13b92bd557e4eeea9529b190e643f95f83a3f217dd89290cd98bf5b7b7f8f050ab27c60a25eb5f38e2dc606f80d3cb0e72ea9e2a569eb0efd0e79b51b5831615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c05c9b4919786e229f085d66a4a26e38

SHA1
c2eccf963a78745b255b018c172b2e335bea0bfb

SHA256
0581ade692fa794990f435f9adbe6bc2320733b81f0d1f23110435e9ab99cd1e

SHA512
fd414deca05e8fb642cc6691245ae6ac29e2f8c442bd28f75d0000721fd2ac7cf878a380b4f0ec5d8eb214897be955ce38e6e8d9bd17ece3c2d8b29ec97aa4b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d7d11c4e03eead931da494c24783219d

SHA1
ebeb19913eb01b97d2183af97b5e956f756a5cd4

SHA256
48671b3c663ccfd00169ec8d9a2591a019c5024cc1f6c4adb357105716ff4329

SHA512
f7cb3c94fc45f4f78234d1fb34bb990d4e3f89c8609dc419be6fa4dfc27c3ac62d6cfbf2eb341cd3f0c1802d3c1f5b27b63395fc90a4d285e310c377cdebafd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0dfbded32444a7cd5dedf5f5317598df

SHA1
b2dde2d63c612b4dde9f7c159b2616d8e67af8c4

SHA256
e4ae62b942f013ed47103ab651afd8f2cca403f20362870512f3c0440d0b4c49

SHA512
a123bfeb69319834ba72d64e35fb8fb65ad3af1aa12af7ddcbb6e1706298f8aa60924586a50206f2d247b64df0dcf2c62839558d0ab10f67803ddad4f41069d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fe5a05440f81975b8eb1e5ca527fd06f

SHA1
fe5b534ac0eb296f43e6baf7c07a8fff63504664

SHA256
3483fbb63b340aee41961931794c83f7ddaec1a1a71497581f72f9a949bab58d

SHA512
00970a9054423e113d83e57ed9ccd08e42b45eb8648367648f50f9677ec1743432c9b628deae30e78902e5f5f39c28151b7d5fd1d8c560b7279c96fe32bbe6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
90c16476d79b62d1d71945bb021cd82e

SHA1
1e0bb008b495b7d30a2efb595804050b13fab6bd

SHA256
ffbeb9f63a5aff995940c4f740162077542f1a1d1555c6fb3faf632ac43627c4

SHA512
27c7a216e8a1ba5ca53b7be25bddc114b8e7daa46d8c5103504ddb7981ff40c47689eac1a7957111c1cd3eb859ed34140b8456260034cfa1676664f55aa9b4f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8277e6feb7f37428ecb8f4844f1fc18

SHA1
4ad44c482ee5e140bd77325f4a8097a3f38432e9

SHA256
9249287a1130f28b2650bf384d0f5a94cf5ace96054729375408db0ff65c68f4

SHA512
5954f1068fee3c9e3dfacb9a91ebcb51dd470ad68a28ba12e6666653e949a30affb476ddd9770c9d4f16892a813fff7e9543734ede0c4d0364eca95ba007ef8e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
cc8dc8f66a9eed0dc1b2045943f72b90

SHA1
d6d68359e969ae1531c3fb710b9c4507dd084960

SHA256
104d3ffb93eb16b89db1b4f6d8553248748ce6876b631be49482267cb833dc78

SHA512
d24d5602b165b10f0c62be2b8f729b37e44d68e64b34b2823510ebdff3226f94f9e3d73b0425f94a81b47022d173e5b94b126fe07d5763147a18b84ac6ee1ea2

Download Submit