hxxps://file2share[.]co/download/3GB-morenitadeojosazuless-videos-and-images?e=MTY1NTU4ODM4Nzc5Ng

Analysis

max time kernel
1859s
max time network
1863s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://file2share.co/download/3GB-morenitadeojosazuless-videos-and-images?e=MTY1NTU4ODM4Nzc5Ng

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4588	msedge.exe
4588	msedge.exe
5064	msedge.exe
5064	msedge.exe
4368	identity_helper.exe
4368	identity_helper.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

Processes:

msedge.exe

pid	process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4588 wrote to memory of 4844	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4844	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 2424	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 5064	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 5064	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe
PID 4588 wrote to memory of 4112	4588	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file2share.co/download/3GB-morenitadeojosazuless-videos-and-images?e=MTY1NTU4ODM4Nzc5Ng
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c6af46f8,0x7ff9c6af4708,0x7ff9c6af4718
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
2⤵
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
2⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
2⤵
PID:1764

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
2⤵
PID:1068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
2⤵
PID:1460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
2⤵
PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
2⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
2⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
2⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
2⤵
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4904 /prefetch:8
2⤵
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
2⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6304 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
2⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
2⤵
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
2⤵
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
2⤵
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10234300380867798242,8387441208021782427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
2⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2728

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x49c
1⤵
PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\26b2e6e6-bb5d-48f4-94f4-05389bdad9a9.tmp

Filesize
1KB

MD5
8bed1fdd96a7d4d1e586d00f6e41f572

SHA1
e409cd6e77d57d3b7533eb4a1b9bd1c41f18faf8

SHA256
6494f20a58e0e9418be0b5aebfa671a0bdcfea8024588bd989021b865c48e663

SHA512
b799ff7c2b4756a52058f9a6539a4916a13d28c41413bb81fda663155a938eb09daa585f5359647b96a7cde6be5ce4a6d249ad1cb34eeb3f4ec79ba1946e8603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
70KB

MD5
dd4a4dbe0aa865f3ae2a287eca9ba658

SHA1
150c288daa8b0f61509931d090d5074432dae1a5

SHA256
ae1fc2ab8aa56425d1707c8657f7075cb17d7341e6f376ed7928d20817c1dc6a

SHA512
e65271fa0f165b8b827f60b9220577e14a53e277500a5376880d6d9b19903536a8f4848450cd4498549bd983c478065fa188e6c3cec57c0397b6fa76f8b92b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
832KB

MD5
8de0d9769d2ede5a4cf813a91385fb2d

SHA1
bb0ef5d5f878fa61a66c2750749d4537a8375e5f

SHA256
d60cb11b7074820e17b7c94ac6d0fe56410b89cba310b17e36de575208e457b6

SHA512
1fdf0df7fdaa8955c7a2a134631658968e0de03ac9e4bb165dd2f8df5b19275e4b4e1e285f777bf8300ae7dcf4d5711ab804a9e50643479375ca3c55af43dff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
21KB

MD5
7b9a496a2ae19e74e03754d2a7010865

SHA1
6d0e3aca76b672b20e74fc056b2fcc7a9e1f2157

SHA256
a09e8f0c5b4bfcc96c36859311487048badee1989109a1c2af9771ee0ec15701

SHA512
ebf5bde214c21d8467500fd8259bc159ad730809592f5c1d88add5fb3ecc7a0e99115dad169d1c662718bd3eaac0a817627ff6d7aa50e8e41d7a9979a47a8a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d801455b4f520eed6a9a687c738f4c48

SHA1
96736b88674358b14edaa8feae3a27811734a9ef

SHA256
8bdf35d22bcae2fb60e236f92151a71ff4a50d0dec6086cee37de3aa239c17e7

SHA512
3483ca56fb4a2a8df3d77b604a32d678da9504bbd9ae036202c30372d8d451a7e3161819a98e03fa0a4777bb109dea2739c2513e729c1a748b63d83b06586fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
d756ba0c3fa462eb32193b7b13d0c7a9

SHA1
fa3db38274134455494c463bc15cb7c904a2c37a

SHA256
dae8ad3be93810adbbc8fc1818bf940d7cb2f5a9b92b9a4d7281b5b3336b8894

SHA512
39a53eb23d964ffbf36f1f0058e77aa41ba268062a5eea32a327f184c526a6c248bcec9e62ead0bf5b9da061fb122cfec5e52b847f65259215165909efbec556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9f233b58b5c678ade27bd63bdf1c2044

SHA1
dcedf81a783574cec2c53ef8013e4253c0000093

SHA256
34df91f6047f66978d9fe12d88f434017047894b20d4508ccd9ba6f6adb83fd8

SHA512
30ba494e888ea59916580f9fa8708eb62250ac231d2627c92c989a633ef912db62d88ae634088ae95ff2a5126732d4d672ce27718ea2b3bef7dfb3476110c429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
985eae86526830db37e533468b758d42

SHA1
77b1c8adca2793ee3ecc59621af6d68206f2e9ba

SHA256
204b1b6f260d9d960a5ee42528dfc901c6876107c39ce9d5c92098caa771de1f

SHA512
0646d954b385681788b7b417182e695deccc11d2acdbfd54734045f0bac366ae0351982971ed53e98c647c0c71e7864f9fbe75f0681080391372783edb917543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8b4da4108fc85818e6c2d91deaa2df55

SHA1
71517322eb504de5edd01426f745fd8901a2bdbf

SHA256
392864d48279d9102f476ef3136e873fe7690db49f46d6814086e28ea93133b1

SHA512
2a1c9e73348951789db57b9b1f6b9995e960f2156ecf71e826ec4cdd11ab27baca25c100aa60e754bc8de9c4e47392843cb109eff14f17db93f2c25eea1acc24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1cae40535d0fdd56ef2963601669e305

SHA1
0d39b0fc4eb6d4b4270759cacf5012943da9bfc9

SHA256
ab694d74401d46aee73bb71bf2859c33e1a952cfd05a2b613ba35d395cd98681

SHA512
7236728b3f95cd13c0f66280543023cfe1929860b871f89f8535ba7effa77f8ccff8ee0e0f77055ca0c24dd6a91cfb54f70579802a00b7eb95d87fde9c19bf69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
129b781369d6a95bc6e6f16bc5968166

SHA1
14054b78f8a49a05ca2002fe7ffbaecddcbebd1a

SHA256
ec0ca88b96e6ef4d1717f12ba0f6ae45b53c61af515a1872c2f2da0f2a2e0f67

SHA512
7995b5e210a383af5d6367a8123c13541b16fc0dc5f4f11ed2fec7ce04eafcf0d0e312fa05d639e1ca306ff77364dcdb0c1589ff781057cd93327f698ffe309a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
587206a86fbe26685cfe22910eeba5aa

SHA1
6bb57df9bdfa5b5d13a69a7067d58d4353598f29

SHA256
1717b7445500a00bf47345017d3f9ad5cd05d741e3a4d621c55474e8a2715bd4

SHA512
2bfa40bbc9e978caf9ba6dd928c164485e357bc3af3e622785607609d5a5b1b35ea3c786c02f8bff0acf47ca993a4cab4c34de97cd6dbc3ef637b398dbb66df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
31cf06cfa9e239d7390862cd1ffb964a

SHA1
ad9293552d664c1362ece9c39b43b3c8c1e1b285

SHA256
f5fa213acd37d17aeea0cc56050965259cdb3f7a5e85eddc69062bfe918d7e2f

SHA512
6ffd097aa22068564047395ce0d6fdcda743bcfad94bf9c0de4ae998aae14a6bcb7f5ed5c9b3636c8a011628526e938039b644e43d423b91ce8999794b19d94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7629aadfa673a5c238d86ac12165d55c

SHA1
ab5c89bad4748958ae903e5528a6bea05d8ef433

SHA256
a48cc39fd3b6a30d3976b42aff868bcad2a14040d95746776d47bbefdc985896

SHA512
f5e750dfd2619abdbd85fe72c4f2847245b74afcd0a24c669643800444a04df47932a8dc1948c98dd02a0b8c94710114905354fff654a7f36f09911ed837499a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
54751945cc3683144bffb782131d6ef0

SHA1
f7d6cd0c167d7d45b4333946e41cb0052c0db94d

SHA256
a3e1e13f7b8be9c879499da233365be2d15808e7e7bbfce2037a99897c48120d

SHA512
25683f12024eb52cc7a36cae6ee742f152ea737e0df4b2c5e481267cf0e7120fff01e375d700037354ba4c387b9175261e79eb5082afa1272cbf8ecdf05f0ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dda0e4dbde34687fcf7aaca85c71c9b1

SHA1
6a6ad7ad12b7270dced9707a0bcac24d926d258b

SHA256
ad8604c112cded89432c9142c46bb0820f6c393f6cf0e66bbb772a707fc9f5a2

SHA512
6f74ac7ca53905ab23a7a116b26ab364e511d0b7f23e02896905c389da75a539b9440b990035325ef5d00889bfa6f430b21303f557f0b2cb902215d3a03b5373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6e1104a8220648ed697b12fb636f51aa

SHA1
cad8bbd3304003f4c36731a48e74adb0257490f1

SHA256
093882c745c20e51af63fe1a689ad34fce7a9a1f6037ccb784a8af41e38dfb32

SHA512
1c6ce2a735207ef23f95f83559b1d2d80cdec2470efa47e382c7ae9e9bae92580f0a68d18ca4b99680c02a6ff08c863ec00b7a1349a672405250e2cb0982f9fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fc6e65f979e0140cfc805979110badd1

SHA1
a2f2791effe1bba33d445f34dfeb7680da5b61aa

SHA256
fc4c42b4d91028a27234e21c1583902e7206be69fe0cfcb79550978b90b93b5d

SHA512
d88bdb5d633d0f85599b4ce5b7ed102da4b43c19d9119ffdc6e710a3c769ed22a03170bdf43c79b8b9f91bf68a1265236de11a9f751d292a00940a6ba7c1245d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9997e8a7278f135546209f4cde9c62f2

SHA1
271f8dbb0f85f7dd52bc1738a846df6f56d0d6fd

SHA256
a82003e9c310b8eea0edfbc151bcf9206e0dbb789b1a3bcdf427e72a44329ca1

SHA512
3decfff213d975a9e6002854503beeb50d8c7b9f5336dde02be59c88740fe162d4731a07637294f083a99bb18058d8f3d4e3e6ac5f81a76fce242ed91b31a006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d34837192ab31041933375933bf84aa8

SHA1
8c2a01997b46c8ccc210fb1d08dde024004f877d

SHA256
e40642dbc2f5ef2e59f59434f3d1bea18285b2c60951627a7533be66f0723df4

SHA512
95a50f6b15fad78ecc76871e583b5652cacf0e80cc644cbf4b46a7b50041234de030d14f901ae53e6fe57697828ee1a97b48fa6593ebcfcb09641f094f356bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4064319f4030de0e8344ac980ac69483

SHA1
11185b23b7274bec1fb8520cd3c7e2d9b3198a55

SHA256
fd49952db72064f5754b7c46e4977fe7385592d149b4cf3bfc9050850860d5d0

SHA512
1fbf8f702152d337ea1db2c8562eea552ff7783020e97297d455808c5ed273d6ff73367924214faae2196d2efd615129bb71a4f313ed88ad5e00653fefd0f866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
81cead62838d15478dc933458a05ca9c

SHA1
8ce9863d3d450bdae0b83b667a27c052597e59af

SHA256
0e3e8aa10d24e3475bb21a6687c428147b214ac3d6bb7684d4a05daf711020dd

SHA512
17aab6d12cd1d763550ef4e897b1c8c98e8fc74ae7cc64fc4762a3d7eefb9dda8d2cb0191fbbf3e081cdce2fd1cc4197193772322b286729de1547dcff0ef1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e68b5a85f9b666d7d4ab30b926b27819

SHA1
9fd2fe5b03505c6d364e1b15737cb4c262f912e6

SHA256
e36d47f4c4b84e9324903408c6d598ca3c2bb5847d0fffc725b6dd8cf85f0546

SHA512
39dd690a4c45501b79bb72d541653711da64fab32c0bab39b3c27a9323e2ea49d2ce4ebb7f5ccb555ae4d3f88fe9285c4ef397d596edaee3dca76db4a6a38e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3e2c645a6bbc3143906d6ee6a02901d4

SHA1
b5176c4364e92f6038993d9b6e7cfe280d1b484d

SHA256
f4584bf659a97d0b5163d3da886a29a3f7198017d1f27b15060988ebd67b1c7a

SHA512
0938f709063f96863dcf421449a38dd8e245308d9778000fa2aa4f01208f1c3d3295d373b328c2ecd88b7d8d59f543b8aea86b3b896f59845580ec7f91e33d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
d7f8ffe315b7f2b1e14943c4552d0955

SHA1
0850eac4e309ccd2a399634c10a5209e010da416

SHA256
0c22d6143c9e09752d5cf26d3187fef0e373b5ee085be0e4d12b023efba1066f

SHA512
79a70cc3221edc5e01edc11a1c2bdd5584b4b6ef8c87f6f7dc5e7438085ef1275dd2eb847c966753a291109dfb53a7fd1b75e0db11649c751f28756718278032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
e67f9d53b651417da15e20c24a7a8b73

SHA1
3b4ac1ab354959dac71c7daed424224755450a95

SHA256
9a9707bd7a790c9b4ff8bfdc4500d766faa6d39332ff6d261bd2382fdf0ff980

SHA512
e3700a740af3a9ff5774a9303ebf8e3e620e5c8f758e7076d1616dddc1b3977af78d9f8a8278e71074aff3afada192da9c472d78c2645b88290a8957fc8b0875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590824.TMP

Filesize
48B

MD5
03463393bf60519d71a18d6316ac709d

SHA1
e4ff610635fc1386001f36157097b802aefe8146

SHA256
ef94e4297a8ed4d9e419d557a8a971cd48f0006c9d580cba5f2a565d1738fa39

SHA512
76bc7e38957f36dcf146dbceadcb052417b784a5bc68af8549a0d763655c09bc46cff452d7c7b758d5737c629d2e2e11e46c3afa6ab2fb2f26f890fff6976bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
82f4bcd7a0bce62dc0e5286ef5573942

SHA1
2612edd61055e00371f3ada7bef44f04b2b530af

SHA256
b13819293864035eba2649cde051becf612dc3ab8e2140edd59852efec552d7c

SHA512
9f124d219e6002517251ffb1714d7631a01b9a281d87f6d054914f70e06eb71593d7a1292f7e22bebfa5d94780939980f867e3152213ba07950e2b6a4ad62ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f6a2e0ee68ecbd792e67eb8d0bf44628

SHA1
c2c3ac235d518772070b24eb3358e8027be8f4cb

SHA256
61e17e4ebc3154c475a78745ae217b30d6fd0a3c735c90973e12634e787972b0

SHA512
33c01753187ce40da67af5f1cd1f29b44e7e5743e6399c4104944208f5d69dd722ed32b1c609deb2b8f22246ed0d0d79638b32a8901dba580c6ee335a8f7e5de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90d6df73d0459db47af61fc3f66f0e3d

SHA1
fa3f1733dc2d20ea20e1bfe2012d350eb9ff019e

SHA256
1fc0654ac244607a7c15473b27576f946eba754a7f9fd5f42a5e1bf357c3b83f

SHA512
ae92bbf1a23ec50adab2c04b2b4bae9ddc47d35c7094b394acb951d0c5de0f97ecb4ee9fbe75380dd478fac105e2e1ce9a8be3d3d00badd27c5ed4ac4a58aec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4328d088498a746152e18a9de22339ea

SHA1
78bad5a067bd4e33c1587360767a411ba9b50faf

SHA256
1eeb1817a6d25c364514a03c1902ba1b211b143ef16cc96c08431f02369d285e

SHA512
bbdf35ac25eabec36a1cb4166125eae2b896372f181d22c285a7dba24e04fa65ad553e033a62a9db69edb18fded09febf537db9f691da7f8cd82f098fdc7a520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
551625466eecae1fe9200f86790ba24a

SHA1
2e202b7a0711a6bb858fe8e9b262aebdedbcc6b8

SHA256
069bfed5c0cee5ceb6a732b64e50305588f8982bbc2e3ad4e2c7f7a4254d9d83

SHA512
9c38934967281f0231857b2bd9bab66711e01342474d7d7e3f62c248c591af6e8a553ff5f8b311db4e7128e136333a6411ae1ee9476282e967d8b1c46f2b15d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16a03098324aa3430de6365460065dca

SHA1
dbb4eba26503866d91f1abf27607454e38929d45

SHA256
bf4378182e372b7e43f945656ef09d2486d48e8456d67d3444b6d15cedcb64f8

SHA512
ee2c2dcb1875c6786c112406844404a08e83fc17760073c06009f648e9b3e636efe315b3df9b40917821d5b34836dc1fc735791bc9c00ba443df5be75f5b743e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fe992b83f20dea2b4cd6b651f3678137

SHA1
c3432312c1cbb8fc3853e906a75c8347b25e0d19

SHA256
0562982ec5d99b6f78bd6b0cc69bd956bd6d7b5b7a6643cb58931ea979557e31

SHA512
185d56a2385c9bf421ee12f3caeebf017507d404d4e7cb09143227f86d9249cf3e642a210237d9e90ec3504ee802cfbf147027bd1a642aafdff0bbb218eba0b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
25c0b20121d3d80fb5684f8610d42301

SHA1
a7cb83c353b95a41c0b126da043c8bfd307c9633

SHA256
a1a874632b543740028eaeeaf82125a15fb236e1e5efae3f60c7d08f09d44097

SHA512
b9b4a6b31a332d363fd1c2cadcaa26c423597d484c852199e6e6507edb7ef5ad035b365fd25ddac4c8d5feee796d9f09b186d7b78cd0ceddf39efc73cbc0c571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f8e3420339bcfe9c689c98ed28bc14b

SHA1
3c78f2d57f7f1b0f5d635a36f934473cd09d26e1

SHA256
165927a4d1fa0370a200d509e20cae01038e80a85a35d98fc344635624d55f61

SHA512
21ad972a5ad10e41679d15031ee6cc9ae3d43377837c0be31416efd92c249878a2c3a03471738aff632aa6e350d164183af7ae57ab3a52b63360df09f491d9b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b6bc17ca79af3e9a02ad79e5d16b00e1

SHA1
f833b349e324c745349c1c961c73370fffe95b7a

SHA256
f494771a6479e378db4603ab43708fafb3ca66669c2888ecf1f447700a04076f

SHA512
7190b302800a4074ed6ee9855615d2285315fafb75f74b9c421beed81547b6b99b546f2a68de03879b7b9e8d81fdc63f84e530ff670e0a08a8aee1ac6ffd55d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2da5211f2e8b3a60aaecc36238dde2e9

SHA1
f844ba75f0aa2c109950234cebab96bd7aa1b4dc

SHA256
9d5630c31964b85d091b0e7314f5201e6129d671c447d9569252eaa5d42f9daa

SHA512
1c102fad7377e9539a2d2abc1dd0c39009bd7184d10121ef61ab1dec2fd2ecb55691fa9b52a3b3e809a8ab349fbf98828a184a6837d70c6367571d72636d2587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6c9ded60c7ffdcf10af6031958d0552

SHA1
942cc425d96d539e5ef2b17fd8620d30f7e000c2

SHA256
4deef7dff7963dab8be7fb63573feaa3741c7f0754b8c53d3180010c254a6f40

SHA512
965c27061f658dacdb16f6fd58aa34eee51f791986e9ae9b82b5d8cca40f4a833a50b642e5e6ea5d3274d1ed2220766c429ac33326a851fd4ec9929510b5d518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0de72a38850eb0a757c48d64cb79e5ea

SHA1
a4d38f1acedbc1b5a9819e5eabf4c67418c594f8

SHA256
a339e1f1cddcb121714b278f41484f74ebe3ce82824aa733d69b9a9550191162

SHA512
a00617113d6b34b4837c5b40065e78bf85ca3e4cdec6748881f55dd3c6065a71a77bd1d61232f67fa61325e2be75db2d0c8105d6897187db6466425d9f5adb04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
dcd05435cb65c7e98f4d1a1fc63c2b04

SHA1
130e75ef6a77a500f01d9362e2e2dc7d44b7ec90

SHA256
9c744f3c37e2d31c3ac7e985fcbd2512644fd0de7c8ab079b7965643de5b8890

SHA512
2ffc9f22096bde2d5769f2053920ef5c853d3141716eb5c27b6a2d91124c852b0358fcc3d0cca50d0ffe9b27bdfc27daf0096c85ddd466de8d3da1a8becf28ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e1ad0dd484a21baef841aac09d23048

SHA1
289ef2b621bee1750b7cd99f47fc7b9123fd751f

SHA256
9a46300527bbc56fda2d2568a5ecabcf640f8935641f5e92690794a88cd96696

SHA512
1eeb7476a25830f6faafb818f4c5a9495ade53b547000943bbf6302487673b54334cc803a4cc356fc19756728e331c7d9af3b4f8cbb09ccbfff479edf38cd172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
77950209497278a756d30e7af1c337ce

SHA1
88c373b5c697bb5bb284b8c40b2780ad4d14a8a4

SHA256
c3a36d9b58a58e50103f59202b936ca8c0f31c955565b588e9beae454130b3eb

SHA512
9d7819d76f19c4c617927384ec39929250b07700734e6c5aaa9ce3abcf1a53a2307c0160215d710c775eeb67c0d1ca77d11b00c27b8b9779cdc0351ed1641f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26425f285a9c3a391fb9dba6ed80200c

SHA1
21ef784f650b82d55c6d82ab1f2ced9a5b63a63a

SHA256
bde4f2510f6979aaab171b070dcb860e7986f346d2835056f8ef5f12b3c3f438

SHA512
886e50e770dd5f003a21f6878d5b5932316212b65e3f0c36e54b44611f9ce023c7c8e117010e3ab8cfca30e6a1713792eceb590e294dd4b4dd97c358b488d5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
258d23764c2cd60b4cdb2690e0a98061

SHA1
f30e53d4890dad8bd7edc3d23ee0d41ef661fb0e

SHA256
f21e72d7cfda457696b8b7d024b4812b042a3e59cb09850db0c7d6a281273301

SHA512
da00248b507e7b3af471fb16af8dc2d489c188bdd576ceff9e32a4418693bc5d030e8e90bfbc4269d9edd3d33d0078814a1f895b3649b877e080d575be5fe0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3deb813e4988fa101d709ec8ed29ed8d

SHA1
a0055355f4088bbfbe5857203196e07004876e57

SHA256
62d30de3fc7799f7622edd97b2dac0214c457831a1af4713cffde06ff04d019f

SHA512
667239d76870451cd63a3a9d2fac50e6f4441646cbeb886324aeffc54e3771d8e74c44b86a172839bb13f642bb6a801ef4fbff6b96db4b9b0cff32d99657a169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
9b426ea4bbd08e327cad4940a6300c35

SHA1
52fc38c91e9b29d855a0a7a10cbc98b8c97600e7

SHA256
df88b8d177c6b9a2a646c2a373e97755aca8fe25859d7d256fd526f8fd678f77

SHA512
1302c36ca28efe861218f5be469c4bdf94c3206b301fd959b8ba250f7e8f1cf1812276d89b7974b710034ba9bd48ceaaa741dbb76b9e80050eaa0b9b69282a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b7e6f8dc727ba88c6b619afa0656c939

SHA1
b691d134014e0f25cdde4686ba00f9863ac4d0e7

SHA256
8fe312b0e194469b471c82bfeeec8626fa48c06445736772816c89920505cb0e

SHA512
6ed89a2efb69b83ce81a8e71d3f9850ed3c41894da4b36755383fa31708a427723a1be55dbe54f5f5e29de994cfabce494376a5cdfdbde5810d437e401897edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584820.TMP

Filesize
538B

MD5
a7efb1c18878666b545b23d1417a01b4

SHA1
38c5708a2793b5f748a9071c34c44d9ad19f70b3

SHA256
f56b936b5f9f204ca5013eac3e50a97081788f9f1748bebf43118c31d270bd9b

SHA512
1ed414e54c63c4eefe0b2d05f6b50f7d0566b675c5299cb208246ad92ac32674587c0e674c6fbf045a6a1a29bcbd309579307a3ba8917c98102fc22e65a99b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9db2352eddcfc88fc29f1a691442fe91

SHA1
46e3a8545a5045ffc19f39b7181cf6bed59f0f0e

SHA256
55e7c16b1daa96af82d8c232baa443419df81b8cf7f01fd1ae7ea25d253ac38d

SHA512
89a674958c6547949b278db6ecc1a587ff183f1af5226ccd0c43d34d42b672e211eb6f5caf5ab2e8b7a5eb151b00afa9faa715362deb17f70499690d11c8aad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7324e25d661e1b3a8a33362f363f9ca0

SHA1
6ab281b0d593c2d905ecf27d946c5f057ce5276f

SHA256
7243c4164cf32597fcbb5ecd5776c2e71061d51b20dcee46e0e6d897c74687c7

SHA512
122051735f81f32d9c8b02f9c287e8243f407f68112d023b0b7457e87e815c8a3f62a8ade0261441bf6f34a3c69770cd2a719e6d03576cdf0a8f61bda4d0adac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ef69313c46d9dd7c89253ae6f9ccad78

SHA1
031661bbcf7e9f5fc807acf02d9a97c7737102c8

SHA256
e8f85bdff39a8dce35c00f0b65aed011958994f436c9ffc8799159ef3f7d636a

SHA512
daa62a15abeadb394a7dc4de9808e34f4488bc47bb9178f51acbe189f3bfe806cf49471251eee4768e2f2668e885e1b9a341d1bc36dc6052c863901dee7afc41

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ef8215b31b49ebe64e5c8d5deac1b373

SHA1
6b904497ccfb480424e106a67063a00b829cda5c

SHA256
46c674ba1c0f1b3f894992702e7b7f840d13c62de317ca1ec0478ecaa9da69b5

SHA512
1e99c23d440e714c93ae8d0cf99e5b896794279dc2df731b7099c54bbfd70e9138fd29c42c74da8fd5a6314baab629213d3f9aea758dd8c93e1effaceb5ea321

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
4d0bb5b5053869b6177a10f40451c70e

SHA1
bb44968e81778e386fea5e34c741db5f2e524c45

SHA256
0467dd20056648e3db6ea6e912ce2e518644f4d979a10e8f15e7ff5262040077

SHA512
961acfe8b0f1f0a25e3467731c95e4f34f90feaa3fb2f51a8e28bcf6b44adef5ea18f56d44f7eb9f3d0ff7ec767d11fcf00db6e44033044b56fc16c1e1ab44fe

Download Submit
\??\pipe\LOCAL\crashpad_4588_YJEPGJIRRTDHTCBV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit