hxxps://2n8w[.]app[.]link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay[.]google[.]com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom[.]thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes[.]apple[.]com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=hxxps://bvpquz9[.]com/win/tin/udeh8z/lsebele@apap[.]com[.]do

Resubmissions

24/01/2024, 19:07

240124-xs6grsgbc3 8

24/01/2024, 19:00

240124-xn4sdagac6 8

24/01/2024, 18:50

240124-xhc3gafhfl 8

24/01/2024, 18:46

240124-xesnrafga9 8

Analysis

max time kernel
312s
max time network
311s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=https://bvpquz9.com/win/tin/udeh8z/[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1168293393-3419776239-306423207-1000\{F0EBAA5E-85AE-42DC-B4C6-1313D8F8279A}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
4524	msedge.exe
4524	msedge.exe
3744	identity_helper.exe
3744	identity_helper.exe
1424	msedge.exe
1424	msedge.exe
1236	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 1184	4524	msedge.exe	17
PID 4524 wrote to memory of 1184	4524	msedge.exe	17
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 2100	4524	msedge.exe	51
PID 4524 wrote to memory of 372	4524	msedge.exe	50
PID 4524 wrote to memory of 372	4524	msedge.exe	50
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49
PID 4524 wrote to memory of 4160	4524	msedge.exe	49

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=https://bvpquz9.com/win/tin/udeh8z/[email protected]
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ea2c46f8,0x7ff9ea2c4708,0x7ff9ea2c4718
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4172 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1828 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6312 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1400 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14546116864107718001,8789835246087173870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
26KB

MD5
5ecb80095883c24bfd9c4cbcdd9befff

SHA1
758c3bbd590472b9e4081ec43daa329aa9968a23

SHA256
78a93e882fc0cdb81e3ff4f5e87ae03339898c5ed7fb170ae5a510709f328de8

SHA512
d2c90f6769a744db504d451b0477c9488873b2421056e51fb37f610f7b3a1786178a00f8c158d8bf82cf7925844d7748333875b3921bdd09b90dbf41972ef9ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
69KB

MD5
c33c3755c9bc5c370e51bd72a524da35

SHA1
7b4d2ef2b5e0188562afcd4c87060a809a7d2919

SHA256
e30aeba2b555fe999989e290128024451d7b1bccd13060ce16990a39937a3113

SHA512
7c656b1f7e9806208c87b1f22d27f07f400c5bdd3fd258056a4046c7999d4f83f6c473800b09e36450eff9ff9dd86d045eedead515aeb4bdb55e9d9889e90de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
1.1MB

MD5
1dcd637d0651c6b70acdc675f3bf6584

SHA1
cab946645779015de864c3820d8ee0e15684fcd1

SHA256
6a59b10c0c3f10e54739250bc529c359acf7806cef498c98764d793d5ccd51bc

SHA512
f0d56eb37925be5901131ca8fd1f2a344544ecaa1d76a9732c0730b22be3d0b294e4e84af0108a10466a3e3dd733438ee5f9908f9531af85051ce026dbaa5d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3864092e3a44cc456796d54dffd32ef9

SHA1
dcfa10b4c1670991a0c824eebcc2af6fc0eb10a3

SHA256
502d3142fe3f704c533aeafc0c13cadbf6d8d97a78e254af8d4df2f05a917710

SHA512
99f27151a372636b07080ba38c7ba319372d39323e7398431e2e53ca2b63d7368fb113f6103e12802d2ec567e4dcc5b7b38061aaf89fbbae75051833bc372aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ce4c2303b54bd1bbcedfa1f7d7afb9c0

SHA1
2a4dbe16a967eca3a8cceb74f0ea83c5f4540beb

SHA256
3b303f530ccc2ddd6769f2e099cd88bb26a8e04f20b6ed1c6956e936ada1d16b

SHA512
b06266060f3d2eadd39d78d91a043221baff290b1a684e0a9175fca125ded67bda1f19082999a49b71af9860bb60986ac5619e94fa3e8df100370a2debfca19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
748e9659f2d4944c4201bc820180fb39

SHA1
7a7d65179e3acbbd31a25dce988bf15d78f4a7de

SHA256
107c3af0d0f62dc28d307b9d495b3c141cef1fac2f007797e3dd3c24ab5132c6

SHA512
b4ebec28257db86d0e6f232e2f970a4ed50fd7b9abfa74ad20ffc4feac8d73e8f2b25e7fe2383da8354b4917b7475618e905dca79576a3f3590353626316cb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6d0a0aea58734e81686694dfbfa76891

SHA1
45677ed7f68f10474fce118aa67047436aa6ed6c

SHA256
3be8db752d99afe22f5badc9cdfb67ff350a6e43909fb8722d3f48b70f498e7e

SHA512
1fa074c3aef7ceb68d0031183cacae7cb501a44cf369ba6f286fcd34309a32e21251d7b6ebee5c4dee46ae759c395331c656c8718cb6969cba90595c1d573cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0218edbdbb012c7a7c3e69092ec01d6a

SHA1
0d3502719a34d7d26f051c8ee7472f43bc6aea48

SHA256
bb5f6c7d8c5bb0bf9a7a17f306adee69cd6847c4fc63073fa08cbde93f2e5923

SHA512
76e67ec53ee6eadd7fb71fa9c7fe43d08213d81e5e83516e50e425640e75ac0a7c2d0ac5a488d08c348173d36d202e35f6a155812d818d52bb3a2ee570234b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
09e214267a4b8306e8eb93c28f60ac39

SHA1
4da837457554257aed5af3c28e0618b03e43412b

SHA256
e70ffaa5d9b0e57f4bb0cd2b9c59a5f5422b1fefeb592c6f062ad589b5c86ff2

SHA512
f3e9ff9b02df002625bf95ff9ebf9dd32d76ceb5a582503cca9d4b0592842bfeda20a7a82bd9897a2433c1eae84ea4222e22d60fbcfe7156283cf688a8f1ca69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0057e2e13c3049b0166473b18a8046d7

SHA1
13ba79dfb7f18f66b541ffd62709af14d38f7d58

SHA256
1eb3d231ff89f76568f72c83b2676b8bf8f19d426d3e5842e9644a61a2282e5a

SHA512
590c761bce4afe32f296bc02996f7b8522c34ffd528ec4811b89a65514b1046b043dd587ef202afcb95ab2150e7027403c5594bb48be73523268de6484038983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a750b43c2fe12d6531c9095222bad3b9

SHA1
9a73a0cee9cba69fc7981838d70fe97ac6765fa5

SHA256
fb63df68a4a45efff4696d8ae4444e017a628495b83f029b2ee77bb6ee6565cd

SHA512
f1d82959613697f0c1a0b6fe01f47f0ee2f9cf66037df9fa389587b93ffb13185a8f5bedb5842e4b6e20f7eb066461125e2023488844ef969655cadde097ecb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d55f1d96ea22ac356717b04a49f3b96e

SHA1
489edd1384caea2f6af541a132d9d6ae7adf4df3

SHA256
740e8f241340b0b761fc85981feaef02d876e8917d89af773a550628707532ba

SHA512
0bb5b44ed3f08b61e262a7c5ff57ab1753cf6dc68f9ba36e8dffb26504b5914b1ee199667df73d58eac6c817a35aa7da0557309bcde7945c53d271d4e25335f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
26e6337979603d2e8cd283cbef0f4827

SHA1
7440acabb1a0da0e93fe9d44ac84398e4e874e0d

SHA256
19b69de60d77998471b3ebefb94ac1913d667ce53959c02e58467063ba25ef12

SHA512
fc6f54dde7056d7cf26e5ac953f151dce137a7aedc615b9164e3aad6dd1694990ac5c9f180e40c51ce719f212b165d2f4f7660aad2421eb494dc2ee886ae8e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ca0c50596c855ad904f8aaa22227bead

SHA1
8aa0270626eb6709d968da4c62e2f3ba83b0d588

SHA256
eeb9848b50c40b585c6b98072dfc24ad0b33736a0c0525e4283a4f1785c445f5

SHA512
97444484458d4213119a2de6c2a969f7141a6a28769c1d010a5262ad4d5a8d8429bfa618c44513e0e7455c5229bb13fe073c32a0bbd0db54ad83c2f426fd6826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a49a85cd9775a3c3e899ded74cd337b7

SHA1
6ba52f1989f26448cf69b72d1c4ab16696370e42

SHA256
6415adfc4095af5ab41b0d67c7eb748983e01e157cfd4ab9e86de0031050507c

SHA512
389e62b52ba958d2a6c800d71a33453e12b9a5322e74bf14367cddd7ab43e5553f99123a2921c7accd01a918ab5d8af552a6a1852df8687a30459b213a87ecc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
852c451073309d0dd297530379851809

SHA1
98fee26567a3abab8242011f666b1ee3fc73ac29

SHA256
6d278195ce80963419ae5b02fdb3458888afd84e019f8887af00f4666cc2ded5

SHA512
177da57d22ecb95a62ff79295e6656de411ed92f98eb42d93f0e05674b3e2d5e3984692e7583dbc9d592b28c7b4b37798136f7d334640a61c3bc9c8da26ac0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba1dd61a3ff2f9998ebd5ec9f088a4bb

SHA1
4a3dd3946a67e4f98e97b4ef5c6c71d6f92dcefb

SHA256
74464722c46b54a5a45b981d233048d9481e5ad56fb79c314103e58076f2b15c

SHA512
ae0a0d7523e59140213f88f8e5e23e2c387b2f3798cb115ed7826d3a8bdf46e69c5bd65ba14c23cce79895a71577df88607c83e371ebe662ad167e9a9779f80a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
001e54344f4affe55caaaf908ef05286

SHA1
51cebc8616d244fcc0784acfe612f181e8eae98e

SHA256
d88b06d0f3d18e732ffe628393bb7aef63252e486ac3f850272947aa97ce1018

SHA512
6500d8d4f7717fec73be288ca8c3cfd8aa383bdb458fe5e3b33141827e65c84342db0a4f71f5913bf6b467179396602cfe7aa4a5fbd8cef1196be6bb53bbdcb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a0111f86dd453fe8a05c625a02be465

SHA1
9688921f2cda78c353cbdbd82577ca2416863f79

SHA256
d1e94bde785c283da6a79d4b04a1dcf8430d1a6486d7205ff1bedde43f4de3f0

SHA512
e85791f1e41ee42607ba304175ea319275de4c2086475142efee53b39f31a103da382628ee595496c158f48df9dccb152c5e5f8bf775d141f4d14c9b1ad1fa98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ff2057b700ea133dfef8e9084c42b39a

SHA1
1399c129e203a0e310eccb57ff213b72c24da3ca

SHA256
c970028af3d04115ef04693f181472f9585095ca1a36be8b9d72a8e7abee0981

SHA512
a8c8d1f57e3c5dde925ca5d7ee2a229f3d89de6c73b389700f23b11190428ff871fd731ccf14ea87906cef76c8430206a89d29c6e170822fcba69e0c5f904b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
837fa2f662cd33c3959b7a241b74359c

SHA1
890d52fd52c92f479eb2cd2d0b20d18b9ece6ced

SHA256
3ae0e999fe9bbcf8f57d56372daa6ed83b7806621df9f15f880a4c3c26234ec1

SHA512
254c6df6e54df562558d4b91698df345cf2db32af7ff1fcf414b121d683570e0fb0db5c51fc926cb0351c68ce30d5241f927f85e5084653ee90024f1a1dd8280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a55187acae35a4cbaa4084aa4a376f3

SHA1
76b2a8bc8566da4b05e580b021ed833d0a7dadaf

SHA256
67716351f7fb96e691d8ece869a3e4a6632c70ebf71e5aa51615c848bb0184ca

SHA512
72cf44c37a838975bd81c21b6bc15bdb90bf43b8171cc335ea21925522f90c3a8c502df0c17a36ff9247bee8b06cd8c8e9af466f39778e3de41c7cddeeb67bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ceaf4b3dab54c0ae823179dac5467bec

SHA1
71f727927018841d9276a0590b9219860e45e91b

SHA256
83f4582bb5a0790328213898a307701a0d26789dbbc5abf48c8c727b6f77deb4

SHA512
34040c1a6f0873d8b6a99687f2520ded8aae9a0ec6c1c2774b9146d43e2f87b8d19718a32b735fc89a2ad8f8c05288a8294b0fc381b4481ffa136eb76b0d657b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
89059aa83d55f771465864467e74f9d6

SHA1
c5800853461a2df29c12a527c7ed650fc73dbaba

SHA256
1f5a6cdf2a1998bc94c7e5632ba28e50c73f18111af1ba7f015110d6ce68dfe6

SHA512
4aea0a73eb2bfd20264f26dde03cee339d9532a94306915540c50421e72f482541f1acd5f7384db1d310fcf83372be714b222ce0702d5276e00bc447e476d61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58585c.TMP

Filesize
368B

MD5
47fa2387ebfe55532dd6383881d31443

SHA1
8dce5814cf1488c0ec813c5d82c2f6fa9dc2cd43

SHA256
1c5bbb56f538545adc07f8c504b45f52439ddbde692a5302de481df6dfac66ee

SHA512
b77c91b8f544f4ab16bc989aecffe2ecc808c386ed962324208ebfebfe6145a211f48c46746533ce227af0fec30f222f3511e9c7629542e57e017da07bfc28fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
43c81fe28baf9c2a011ecf77dcce6934

SHA1
06235b81840aa1f0fd8c78e04d57b613bcefec30

SHA256
33d637fdc3d565bfec27044fd321e640a1dfa37dfbd702551c153906447efd81

SHA512
d66dbcac9d9ba6863abbf46287521acc0697e6751cb9d85a3c40194b8d65c14df84216db1d67d336077e1e1d1d5fc21cdaa8dacdc0c63d03311d2c54f0a73835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ead853401eaef95fe474a49967b0ad8

SHA1
cbebcb2c2c809a22cc133fba37db2f7acf85ccdb

SHA256
018839216af898eaea1f39062fa4249aa3d206c7ce7f23d0aa372689f70dcd18

SHA512
af7e1a2422b60bc693bde08c9ca0f98db1ba4346957076469a88d6d906fce193d4457e490f9417f9e4d9ae16d3d498ba0b2a6daf2c3ab317b3e3d485dbbcf0a8

Download Submit