hxxp://smailpro[.]com

Analysis

max time kernel
1762s
max time network
1823s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://smailpro.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
2612	msedge.exe
2612	msedge.exe
2688	identity_helper.exe
2688	identity_helper.exe
5628	msedge.exe
5628	msedge.exe
5628	msedge.exe
5628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2908	2612	msedge.exe	59
PID 2612 wrote to memory of 2908	2612	msedge.exe	59
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4840	2612	msedge.exe	93
PID 2612 wrote to memory of 4656	2612	msedge.exe	92
PID 2612 wrote to memory of 4656	2612	msedge.exe	92
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94
PID 2612 wrote to memory of 4100	2612	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smailpro.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa211d46f8,0x7ffa211d4708,0x7ffa211d4718
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1692 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9481965769744177973,6007658631857856237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa211d46f8,0x7ffa211d4708,0x7ffa211d4718
1⤵
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa211d46f8,0x7ffa211d4708,0x7ffa211d4718
1⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa211d46f8,0x7ffa211d4708,0x7ffa211d4718
1⤵
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d0 0x4ec
1⤵
PID:5660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
183KB

MD5
7f529c2ef4e90c2fe7b09ada4f85f4f1

SHA1
58b9e4de7b4a1e549a17cb471541ed330a61781b

SHA256
2ebaeac31ed41fbe24fc07bc3b0fb4043422a790e356a5f38c82b125e3451827

SHA512
bcf6ee7711e5dbf1943dcd133e675006d574e3959761cb1007e69b8299c5d3a8435324427b402f65b0feb3374b625e2959fcb321b67ddbaae36c5ffcb74dcd0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
f663d2ddeb8deb0fef3a943cce086412

SHA1
95e0d377648f8b2cf88d5aac33bd51c4f169e175

SHA256
c8ba70583e2a7bf5308fc4da40b9df776a5dff30babbb56f6bce623c8c5b195b

SHA512
d48557e6bfec9ae69e95ae5901477327c6afa78c64affd6154d9213cf2b00c64859731bf55ca00ec35fdb21a3e8b3a1dec6ba93059403541c717ef655bb2bdcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
482d546623ab91032f7943d7c00e7c22

SHA1
64c11d32bb71f7424f3e88619edeb2047fce8a4a

SHA256
326fdc4da8fe284255a6ba1195c2a7611d0c60f318f01c896edcea79eb50e30b

SHA512
247110070d6bc876bced65cb97bbd287c7d1a412fd053d83f7cfb1809d39a076054909730a82685141cf494c3d35d564ba02ae90be6ccc02ab72f2e4f77258c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
ce31078dd72a715751684a2e329a903b

SHA1
d78404117d75100f05c3bfeca5dd4a6532e592b3

SHA256
caa2b362351a41f3c9fd83324ebe6327b19904d7eb4503b557268547ff1fcc17

SHA512
5fa1ecc9b966f5fc02f3e6aa8784ca853aecb3ac6d4dd687ff1cda74e2817a06044ab7ac0bd999addb1a578fa7ba08481d502c9df7d785d83eb608e13e70c203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
97e40fd2045f11bedae18bf254dd18d6

SHA1
359be7a8e333e847877662c3c6a736576f0843d1

SHA256
7ea2a53ef2e36bda16480d4166be320d26bcc047221d3fabb6338ec811cccbbf

SHA512
fdc46e40c7378c69c34f7385bf1e00f8e18a927e4dafe7a5ae6c402a47306248b92460cadca51f0a13a73b71deff34785d9d07d911af0d313ae7b08c7b64340c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a3cdbd2c0d14822e7da043802b20c8fc

SHA1
11c761688a94092e53577045459b4fc9e6931f29

SHA256
656798eee54299c6c3af6b6ee3eddd670797cda0e3a478e40a0ac8e19d41c816

SHA512
549b7e09f8319d7d112784c16245f2f2cef54996c84a88248f66d3daa6586441448ebf9f282db9352ac52210835f7d517c3abc9772a75fbce16fa81075b3d11e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
daeaceaed437be08b0a2d06e59d2448b

SHA1
3b549d02fce2d60c3cde2f77b8266c1ec3e637d7

SHA256
a65ae11931168ea6a8ab0d6a2aa152535070b84463742946e0c19dc633ec5e34

SHA512
52878f08642c8766da92c009c8fc8c67fa6c30ab1ae798de8e1388408abfddf47f0288cc38ed02a5f3313a89fcecf0a17f4854bb540d4b965ec2f68f7592b1aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
59216bbcd00b727fc9bb799d53e51b56

SHA1
7c7734ba98173eab635bb2dd8fd5919218fe59df

SHA256
011c71502dc2f8a781465a445158bc0d841851c1751dec4c96a2a1ef39fc559d

SHA512
81462e3c6f3eaf6634774ff1386142fd2481ed9cce06282c9398e8cfc9dac7983e5a3fb74078b1c7afa41ea1f681cc43a83be9d00f585732b59291ee2b11bbed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2fded8b2e91ec3ce49fe520c0147fa17

SHA1
3b61d4b72e1c764c96a49ce305acb5cb6ff5a684

SHA256
5318bdbd5e2ab34043ffd53f4bf166a99a320c42de4abaa68814811259c93a36

SHA512
edf4143821f51b9c1f642aa773abf97d698fb41f65dfafe5a035b7f39e7b19f1a724d66f9a0d40465df892474fbd55ab7b610c3376d29684485e6c4cbdc4e6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f03476b3ff35e6e3869a72a9fd2f3f02

SHA1
4ec00c8c48878ec3de053b614b0f85b0cc525292

SHA256
78fe12604d66b568f9f1a5108935435b6d00902867a11a5ecf24decd52b95848

SHA512
b8d51bdf9a6558cc20b55b933ec636fb7e7fc31d61f97346fdb9b0e57e2323a3dc5dd062a4e98b525a0bb02fdf2329c3a395df329b25f92ac9202c48b4a23ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1759d2347af09e77acdf3c0c0cfad0f0

SHA1
6347dd7af29908fa890df3a0d04e263e5f47d474

SHA256
bb14b8d69e25d7154661e7226239f0e0af7eb766ea9674977d3841cbff49b120

SHA512
dd4a8bf7d330a9cfefafc56bdd356aaaeba673c60eb9b1c3dd425514f4788acbc253a699fafa655115fd10324dc0cde289f222885f2cd4396a2ab6ede2499000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24e9a0c2f91b6bee857bec794158e314

SHA1
96bd8b7d1b93e04f09c48e72350fea873f7d0e6f

SHA256
4f16792a582e80a4540dbaa64293aa38419401ea759954ac55e86db2c0e0742e

SHA512
94078c79be1072e6898d40604600219351969ce7219e76efbd03c4340bba429c4a2982b85e248a9bcdbd356c9906431a23349cf5d4507df8683a5bda829bd148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f683bdcc0d8ede64587bd972e404659

SHA1
acd457221079c6384b3a57b0120ac390133daa37

SHA256
17222e70cf1f11a37ae1cecec1989ba49fb02dce4a8a6f06b735201d10980714

SHA512
c8a9ddc48417944ff4dcd844427e175c024a8b084e44a76555d370837724a0b7379dde8b0bb73ea29c4d750e4f4b11a58829c4bbe3338daa834ffc2c72dbb7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a15342eaf4fada64ad735ea3b7504865

SHA1
eca5e9a797babfc61246a900548ae583b0c72413

SHA256
634ea3acb8088abd1f7d9b038f142d80027a4a2e96857fb9a3a7e5bf8b22be30

SHA512
d57644d75c0b187d7ad96cd10840fb77574a68d7f3bec5d366a091efbca3ca26578d27ee02ff9451fb45a063c838ec6fb9ec2db0a1c6f08ec74604fa6cf1b569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0af6b156839d85ea09226b71f0719ce5

SHA1
901f1a875a7fd2577cf8cc2d487313d60b1bb384

SHA256
60a9e629b4204c2a100d522f697f5bf9b0d83131c1aa81df4ebdfff97809dcff

SHA512
f62c60b85a89a8c0b449de29ad11b0ecdfa5f9cd95fe94962a074d5e7925ba2178cf0f688493713e8732ff77f51336e051be7149d19e1bed3f947e557f9ed548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5256231309c02bd0bc505c76fb44c9c0

SHA1
32b9bc4a204a5f08cba76106e8b2706fd44e7742

SHA256
9bc345b1af4b37fd7c516cf7b5f963980bef8de7913fba478e0d6824bdff2cc0

SHA512
232b4c7ef6413659856c1bebd062a057e990cee96f5178f33e61ef96f97548142cdf4601ea82b64a85da97529dfcece18658111a8077f2bba27136e625c973db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a4a30102dd563113ebeef1943067ca0

SHA1
40c1513fc82538edb90d1b18ae0fb9dda91a37d1

SHA256
614a798b35bfb2b7f53ac7169501b229f4a549d95e85d4ae177fbb890da50216

SHA512
357e5e9d87794b243ffec6d581c3d0ed1291c501074ce4632ac42409f7f2f5fc925d4d4a7d260c4ca10b5e982a35cbf18fc7c82a057910d21e8f7f959a83add0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72a6d973c0fd12a7c1258fc56c1a3619

SHA1
347fa05a3d32ee25f4e3687d13a0fec54ee71139

SHA256
7fe04a224a4cd5c4b12e4f514c4ce9d2a4777836277d68d94b9cdab3df22cdf6

SHA512
33d1ab88b2b1163c95d59cebd93a6c213ef56c1469e80e49a6c05673c27ca4f63db495c683d7f43a9607c54acf6a153f547172439151e0d4ef8227481413598a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
15ad31a14e9a92d2937174141e80c28d

SHA1
b09e8d44c07123754008ba2f9ff4b8d4e332d4e5

SHA256
bf983e704839ef295b4c957f1adeee146aaf58f2dbf5b1e2d4b709cec65eccde

SHA512
ec744a79ccbfca52357d4f0212e7afd26bc93efd566dd5d861bf0671069ba5cb7e84069e0ea091c73dee57e9de9bb412fb68852281ae9bd84c11a871f5362296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
102ff713c0454358d03aebf9f4110749

SHA1
b861c857ff84ef46dadd9e18032debff08d5b8e8

SHA256
02002917e418cb09c88dc164fb6e75ffb1323f5ef70ee63bd2d8eff7a944f858

SHA512
7d1cea518757809b8ed485133884e224401729be552d894d27d682beec39596a3e009ad2a5d60309e2a0a4fb30043de77967038d5243fc77f8a304aec90b2669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e6e88fc1416cdf87543e8c27c8ccad1a

SHA1
96ee2f53ce91cf1ddc11da4695bbf9c55191bfcb

SHA256
d9e84da1e9226f413e74a4d169f4803f2da400a9733adacd68688c9af3bacdde

SHA512
4ff9f38140325d7148fb85bbd208bf8f48473bd4ad9eb177bef8bb70098c9b62bf2f5fd7f9f4089b81c8cd948fdba72f4b137b108deddde867360f1bab989923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
433884dd44acb694314aec77ac18f36a

SHA1
21b61abf79f4a33c1f4bfc6a2310f834491a7643

SHA256
9952fa8889f1092c3d9b99afdea9d33fc2760aad3d96219366f0f1588d633a15

SHA512
dc3e2e0867139feb018cd507088228d99a87f6a775a499c126a199b043f877ee13c7678265c8e19408fe092bc998fb05539535af1867e18ca1257e77d3c4e9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfc3ceefe6968886678b8128e514b1d3

SHA1
ea693deb2ba4d725c8543e93db36caf3686d9407

SHA256
2742d184184412e33008e295b8dd8f4ad5eaedb109c83f789665ea785773e333

SHA512
30d760b9ebbf16c4cac84e182daa40740fdc81475c7dd1ffe56bf9c39468234e49bd491752b974833c37e0a5a1af56a8a3688bd2f04274f79c84b947531cd04e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe6c66b46c7fd4aabc8ad52c7e39ce39

SHA1
869828049647f25aa87a371dec04efb00108755b

SHA256
f1bff5d192cb0be90264f89d3be2fc6700bc65deddad6db854543986c8147605

SHA512
c9e3f74466417f3ad0dd4c44aa676b965dcffc01afea1bc6809003a42e1b29cba18f7f08f5b885c5dac5db41199edc9efcf8799a0d4d1fe2921b4a7700afb22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d920d2422228da851a923f6feb68e352

SHA1
16754457c87cccbeed4acbe6ca2471ec02fb3304

SHA256
b5d1367d8a61b7f1141e43e3d5308ca0c0a90528f3cc82b7cf0e4f2e9cc3ad9c

SHA512
98bda183f1435c673df457dbe59e88a8edfecd7aa954af2df2650918c2426187aa05e33473299376fd54b9c7c4364a5d7a2bce98a473db95495cc0566a066789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a7f3.TMP

Filesize
706B

MD5
31ebfe7c13ed5360e5ed6e21aeeed26e

SHA1
e4fad6fd7d58c0acc7c5d7132734b3dfd9befe84

SHA256
b679bdd02a203ae325554071590341b2286657534e07fe827d14cad00aa9627f

SHA512
3fdfda9a9ba37b8becf5880a7814329fa55d3dea616041b8a7f2e66041aeb457cf1d869892828cb109aee863fa4320b840be3a3439c75dc7212af18a2c6576e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\da665047-df27-461e-a805-397ecb7877a8.tmp

Filesize
706B

MD5
3cc8e4925f5ac7792ddbc0eb79ea93a7

SHA1
9be9cec6c6f54544b80ba7d932339701af8a8557

SHA256
e3fb4b7d23176e296835aecf3128aebdb323c21b76901570ad090b343edce77d

SHA512
d734fcede33227a2e459bfbb8b276d82370fd85ad6e95090d9fd88416137f5658246a7e143e3fad6cb5b9d4ac437e18c74f1363470f598565ad4b107d789d2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000011

Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8959fce756ed888a607fec58cebf0cde

SHA1
d3555020427525a0fbebf895e4c55691e0ded4e3

SHA256
55b482e7c6b47cbff2a4f26ae755e65ff2c880ffc8302da786f510b4757367da

SHA512
3cd94b3b8c2dd0ae7b87c83d1f645f70584a282fd70d91be246a01f8275e97837ffcd799df46d5807b773bd370d4a9d358b9c01b147b4c2e1be3ad3c74deec8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5712b20e53cce22f3450a65b7a89c2f0

SHA1
aeca2f1f38873d54230703a81a6eab559e60e0bd

SHA256
4a6ab36fb3999b15f47403fb4b2598d03bc6874d30b4277a46cdea2ec7d5ef71

SHA512
38b84a0b6d27f10e4d3dacbb428e5b444800711ac70e43aa77f622153fb45eb492f6bce7be666ec275148a7aae24d2565c0e5b65f6ce1f4a34e1c0f697dfffbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
44288d1bc75c7bd0c140c00a4a8b68c6

SHA1
724255fea51ab4ebe406d31c19f8ab6d74533a6a

SHA256
a054ea0f6d9615381d5dd10d2b29d3dd5713abbd5f96aa017acb0919261d710d

SHA512
5d6ec78c6834fa95420c127d769746d0364ed7da8187ab181ad5c6f44fd8e61c9c430f74539fa937c097cf8f5ae353c691452530066749aef9aa789a2c9ed47b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
284347b1d994e20bdf7c1590ec9b0bcf

SHA1
26770c1cddc5be65978a515fb9f0dbfceaf723ad

SHA256
c81745a899b39e8fab059a6eb10d4079dc601dcace017288c7624bf2b82579b3

SHA512
42ebb91ded1c4b14cc1b16050f4fb97bb8c4dc72af7ca804899182972700a3b8fe3f239ca4309a0f7fd2083b12dc5cc86b0029510edd41fa74cf76de7d063bd5

Download Submit
\??\pipe\LOCAL\crashpad_2612_EOAOHQGKDVWSPEGP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit