hxxp://technopat[.]net

Analysis

max time kernel
146s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
21/02/2024, 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://technopat.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2930051783-2551506282-3430162621-1000\{8BE543FD-AE8C-48B9-8C9D-B08E86787CA3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1664	msedge.exe
1664	msedge.exe
3208	msedge.exe
3208	msedge.exe
3484	msedge.exe
3484	msedge.exe
5104	identity_helper.exe
5104	identity_helper.exe
1488	msedge.exe
1488	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 2908	3208	msedge.exe	27
PID 3208 wrote to memory of 2908	3208	msedge.exe	27
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 4524	3208	msedge.exe	80
PID 3208 wrote to memory of 1664	3208	msedge.exe	82
PID 3208 wrote to memory of 1664	3208	msedge.exe	82
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81
PID 3208 wrote to memory of 4088	3208	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://technopat.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff9a733cb8,0x7fff9a733cc8,0x7fff9a733cd8
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2840 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3204 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2576 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1384,10466457620932653222,4195246493376862694,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96899614360333c9904499393c6e3d75

SHA1
bbfa17cf8df01c266323965735f00f0e9e04cd34

SHA256
486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

SHA512
974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
19a8bcb40a17253313345edd2a0da1e7

SHA1
86fac74b5bbc59e910248caebd1176a48a46d72e

SHA256
b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

SHA512
9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
95KB

MD5
178e5acd79dd031bc6b1671fd1cdfe84

SHA1
d550571086178244fabff82f504495ca67dcd5d5

SHA256
5b2de636526b6a4387746d9a0fc94610333b2581ebfb0c9df446a143a55422ac

SHA512
4c34b6b6d2006dd6961e013eeec4e939d612b80faa7c8d4e755b2babae6e10c474ecdc4f299253112b80c91dd12d96536e9735eb35440168149204ba6d201b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
28KB

MD5
028014e70da4a51954e0678d11ef6c02

SHA1
4588674c28511f2bb1adf8f67ebda4c3644b1a06

SHA256
006c577023e3bc982c73a7cf2b19a0f930a19c3ea6246e3eeca83aa2754ab446

SHA512
25f68cc4d4df14ec7166c021fc2562be038fe02ab0ef11503c3258660ba1d735b11934e2774a0206922619a07dabe2387224b35d46c616547766c6ff5e4220ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
29KB

MD5
d453eca18d366c4054d2efd57717cf9d

SHA1
c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

SHA256
be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

SHA512
a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
29KB

MD5
c9bfbdd5ca2878d0c3e29eb6ee1b2fbc

SHA1
071693a9aac5ade31f06adefe89e4c07c098f11a

SHA256
58815bacd261e13e020ad6ef9917c2f66031f5bd5aa91ae855ce0d4f657f696e

SHA512
c2d3427bf1211e0927218662e87c13b169689b6215c6cc446d9f7b63774b196223d19e438a45d969eb668ea950adbc096e7c61625dee299e74686c54291233ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
105KB

MD5
24cab279a1b1479cd2848b4cf4db97d8

SHA1
c59c889167dfa25ea85e0ab5b93db29270cd9a3a

SHA256
2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51

SHA512
d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
109KB

MD5
bb3fc9718561b34e8ab4e7b60bf19da6

SHA1
61c958bedf93d543622351633d91ad9dda838723

SHA256
d6ea500b6752094a4c340d4f5ed01afdca1925006077560d9a3f56054cd8d141

SHA512
97da30e9a0d14e6f9151539b77b2216e0f6b6cc4742f075077f9ff92f46f8b97e82f020c562625261eaa01bcf810ce81c0b7b71340ac566aef1bef5a07dac63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
155KB

MD5
65b00bec774c969842aceb3199fbe254

SHA1
bd464411b9578497f081a5f8b6c04180b6ee0f0a

SHA256
d604e67e9d16b6b3d2f10687a36ec00597c48288fa60bfa957bd3ca78eadceda

SHA512
0c89ad2ca25ecd9058e42ed477bf6cd1512859c7ac63701206a82f2591b2878acc7f9354b6a23245fd186ca9b3c809cf7700c0e3e43f469c37580d8531d3beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000088

Filesize
134KB

MD5
4787dd34ac59f7876fc7a3e8c4d3c01c

SHA1
0a2fa42f0b64a361f9404802fc4eea75da616df5

SHA256
cebb59025c724f97697d4cfabceb05bb69c991351ef578467104cf1cbb35beee

SHA512
fcfe75082898e159cbd1b0a2d449df81c577c04822ba598431c179d40fd9c87e9f01376691993b8c1860c189543c1a16cb8512d60d01270bb411eec229b5caed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
0db7233a265bc7a7cafd8f527c86a9bf

SHA1
47f7a081eec1bf8dd9510e22a04465b033b02ca7

SHA256
ec5b36f192a5832ec7c7abc95b0e06332735bdf463482597e37c65d18f58ceb7

SHA512
d983585c218f76edf560c0c9e7ee1f8060bd44b107a97d283195278988e1c3db9b76cce8e8987e3f9df34199d234689f58bec460bb7005421f496814f9ba78eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
7abc95fd73f1384c2f7bd6773a0ea1f2

SHA1
12c888d81324af74c8cc50f86268b1177a9cf6ca

SHA256
c28d352372887ce5b318ab25f9894b3bf84cef8f4b18684526a1a910fec7d4c9

SHA512
d4370d5320bbcd653c37a8c15d97acaf578db30277b418adae54cada10e39e6ebf7b4235a1555ad5a1fd3238775b3e0595a2703e36446411652b851a497243c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
54d6287eac5a7bf9cb0066c69738914a

SHA1
6a53ce68fed31381d26c248db69ca03ef1686162

SHA256
5aa38011977e3b5befc21c61dc5894bb9d6921a5422d23f90fc3d9f85ee384f3

SHA512
852c733f5d9b41ff0830b2080e3f23ea19dbaaefb5e976c7083023c8655571f5b2cba7c8473fff5c4990dc0e98b72cdb805ef5a845b0121d85c771bac17e981c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6386a375fdaa07d99517158977ae8c4c

SHA1
46c83f11791b4e84c7e88e2e15ea1b15053f2cf0

SHA256
1e17ea85673d7f41bbdb8457d55f453c1abb9b6ee40fa447dcdc1f65905cbbba

SHA512
0aa68451e0d08b1bcb7cc3f3bdb6d9b1f7bc1c074d01e29b69987c324f33e16f4d8bbb7cecbb9a6a8872237e14f788e82efbd036b5516e192baa1fe9a29ff9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
72df97cf5d6754763ff30e2051be1409

SHA1
7f1902fe05899c053deda6c09620b6b0a8ddb043

SHA256
58fdc2e5533795e03784d06213f89a49cc93a97fa137032718e238ae4c894bb5

SHA512
06ab3c77d6676257295a1cfd6c87e28601b303e0e3a40522e62f15187f1806533900408ec9573440eb01d9a338f409d55ce4fb5f59f8514f41e673e82dbdbbe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2573ae2c2e6cdd9b36c320ef8c1a68a4

SHA1
2a161fc2d92bee467831b3b810d3b50331c0ff43

SHA256
1fbc5de39967a9ed778cb005bf485bd032aac0b2dfd4ec7943118b030089fad6

SHA512
be5450a053223f4e3d5cb4f93e3c79a2ba4eace686f12e9d0f1c40689aeee90dc3cb9e47b0b42a94a9d657017bbd0483f7dacd103a5971eafda8cecfd1399670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
039466f5b5243266775c2234bc254f2d

SHA1
ef8a87510153b6381b2b28d0d1598850463bb70c

SHA256
85bb14ce3f2126215a8397c13bcc9bad9c7897f058573abf4215bffccb8acabb

SHA512
f88e16d86e33c043a0c1eefc976e56f18eaac620c8dc56b224710f1e929b73ed7d140361749d61cdac7a8e628f9eb6444cb31f568c0a139e6846e439dc806cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c043432470064fa6fc0d189ee0610146

SHA1
cf99bef8dc7549587d081023790bc867422c762a

SHA256
5694a0760e46c9437dbf3f4cb9fe39a74ceb328c3278a48de27cededb9101458

SHA512
3c16cb9eb62bbff1868762f4b1c7eb61d127c166bc1bec605f1185b0253f78043431feeede8c6b4cb7f91f8dead156061eb4bdbb761c6aee57a43970b5629cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a2bb69c8a66b529604a38dec5f295841

SHA1
18187481ac1ebd001bbf3da506c5be85087cd50f

SHA256
da759c1c293e49135abf0ae2a5a4ee3fcc220c865c30d3b9a6cce7a2abdb4fe4

SHA512
be6104153a40de6fc9268d5ae5efb2689ccf4160bfbd21c202fb09039918652583b09c5df22ac44229a98e8b008f73d54f6d91b67fb19e761d54cebceeae9c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d93433f62e58979d17d1845a383a6e64

SHA1
a909f47ebc3dce5105302e3e523ed603a8bdd15d

SHA256
a31f8684f708a1e383b196053a7e7a48458a925bbb31e7cd1f954dc798cf0f65

SHA512
1104cf4eb50d6a2221b41855822aede344f861621d1786fe2d2d14366cd00a6a54f21839d5773591b00d9cd6df99f5d444ffd855ccf7731df8c91f69599b6428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2657bd44be79c90f5654bbd2a18e205e

SHA1
4da7cf70b118412a898a8ad04ba67f665f7c7f26

SHA256
35adc443a7c46fd0ef0b665d8bac1825047f1baabd3a92f94313076425b75e3b

SHA512
6993b7c68f232687121ced0c8e12470a5e14b46f2c4b8f653413489770ec078dfb9f40b4e781ed31b033a588de584e8546e8486a601d585f6fea257f3a3f832a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
62cf8109656f4e0b7321b685e5572dfb

SHA1
878a53b3e3b27247f37de712baed1c3c1ba09d06

SHA256
7745b16e3bc143cbcad4919135b18039b4d05e53e0dbfd6432f5988094f2d12e

SHA512
beb6618e96db008d27c67991e03277bf3c5ecd4408674dc3e86383ed3985644be033c21d56cf0fa9bbf861f41b4d939f6cf90e7160d603153e6fdcaef9566df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e285fe83765a51fae2c58b0871e692f8

SHA1
947a647e09754d1feb49cbacd350321cf85ee004

SHA256
d19f51cb95aaeee5ef65cb63d9dc2981cf6e8bf92962acdd063a2ccdbdc507d6

SHA512
9f70924c4ef2ebadcb15462e549b13fdcc4b5d2929e5e1c332c60ab21d89fe3b852f30c6bef9826f9ae63abf209d2cf16554cb072cdefbfa65678df80ed88b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
da3d1a2cda2538a9135266578b3325a3

SHA1
08be77122eae92b82a7a962e5fc815a05b3c0dae

SHA256
082e8d04adf157be2bf0a9d5b23f3642cf6bc7cc203e5fb3ec937312c8347104

SHA512
fa7e625becead76cf12176038911b92839380b2d43dcf4d6dbfe6406157384a9bd92b422e01363b4f734df074e987f1fe54c471465b75556efa3568f443320e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
76d97aa8ec733624456bcac8854b7592

SHA1
ab7ba3f53908d7ac0f7215343d23564407853470

SHA256
af9a557e170c70afc6340d5dd460a5355576f8fa81d1e046dd7397a32a13f878

SHA512
7aa386f6f8410f1388b465653aa6d8000107d12bd27ee5a498b179b61ce045841fae420af4a7c7d373cb893beddde0c33b79fb75e91b18df8f87a41ead45d9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
137066f23bd08424270316dddbb41d63

SHA1
bec2b2121d0df19cf3b5ab675a76726023b1690d

SHA256
4ecaffc793fe4fe10282860ceae7dd49fdf6b009f023ebb895679403aa6554e7

SHA512
f421f70d66c6e8b978e9696aba637e03d65f9fdb7c261b0133e92ee6baf9af9a5a14c107feda7702c4f578a803247fde01f52d1bc4792147fe1ca00c3d244cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579a6b.TMP

Filesize
1KB

MD5
0ebbede3739b497599198f1fe170e4e2

SHA1
7280ce331b192bb5c6b556a9c0e0a1d229bf485d

SHA256
114c0b994ed6671095775902de4f45b63db79587b159a3b1aa54e0187b07abfd

SHA512
b71ba6dc3e9761c5cbe46ac5daed2bdca3bfa280fcdc4acc840e92af21bdb2774f66f84bfd7531ef20eacd03347082ba6895ccbc3d0ed7d36c1be93c8a3ff114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6c10c4d50f36003c51231d4a48e68dac

SHA1
8722e88e28e5b5c3235189babab192734e8b1703

SHA256
4fa40cbad8f1a47e28b0903bbd60647adb71ec33456324fdfda9a68144fc3e59

SHA512
28cae5de8aec3b84c611082ee3bcb62dadeacfcfe056b941ece14922e3398edc6ff05660bf4142f4630d333db3fe7c81390f288ffd3c289979c0e1c70ac6f084

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
bf441a4bb8ed8d62b8a7c58e37db4f5e

SHA1
b59851f48a9116d846df881b0d09a456795c53d4

SHA256
576ee4fcd6701e5b7ffc57147817ae328c388dea457e2cf761e387d1746fccf6

SHA512
9186c97c31893947e61069d2724f84ac0dbf1a6830ea43d0007dcca1c0ade575b54d6013bcbf82ae4266b8c374ab561fabac0aba986fdd1bf8a1b6a99035c7f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6b4492b3f5682c8ebf0eb462b7c0458a

SHA1
a280629aee10d69ea88b62de62a5599bd5a14ee6

SHA256
115f252855c56f7abb5d948f2543fdb9f4a1f5df03b2f2b46b86ad0959d3df65

SHA512
b055ae5496d37ec837cd95b109aeba82d6074069ba94f404adfa087e44c7e8d09d52067b3a139a52fcd749ac8dd92226aad77d2fefe7dd12d6517f92d1293c41

Download Submit