hxxps://tinyurl[.]com/2pwv3kyc

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/2pwv3kyc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4880	msedge.exe
4880	msedge.exe
380	msedge.exe
380	msedge.exe
2596	identity_helper.exe
2596	identity_helper.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

Processes:

msedge.exe

pid	process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 380 wrote to memory of 2408	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2408	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4516	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4880	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 4880	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2084	380	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinyurl.com/2pwv3kyc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc824f46f8,0x7ffc824f4708,0x7ffc824f4718
2⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
2⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
2⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:4764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
2⤵
PID:2716

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
2⤵
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
2⤵
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
2⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
2⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
2⤵
PID:5576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
2⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
2⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
2⤵
PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
2⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:1772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
2⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
2⤵
PID:5560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
2⤵
PID:5780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
2⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
2⤵
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
2⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
2⤵
PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
2⤵
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
2⤵
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
2⤵
PID:1132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
2⤵
PID:6104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
2⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
2⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
2⤵
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
2⤵
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
2⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
2⤵
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
2⤵
PID:6128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
2⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
2⤵
PID:5776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
2⤵
PID:5596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
2⤵
PID:4488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
2⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
2⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
2⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
2⤵
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
2⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
2⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
2⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2009781518036688325,397019686024429423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
2⤵
PID:6140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
6aeef4a4ff9f8e48940109048c113735

SHA1
d95d6f912cf75a1ffbd2aaf4d52d58fcf3fe507d

SHA256
edcf5821cb0f3083e6c4e4a3b24192be219d58f9d9b86f57cdfaa06ec66c54a8

SHA512
1a541e41d222d42f6635572d947e9cdb820c8ce19cc5063b6212de4dc54b19190b6bbb65ee06241804adfda0bdf5dce239243f4f012f244bffda47db11d82a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
62KB

MD5
6e8834a3945e6e2db4bec98445cf2267

SHA1
2d5300fff3e83ba0624f83de12bdf4bf1f9e9bee

SHA256
5960ba2a57cf6f6297c7eb019c4bed7e1fc4e9d6230ee9c53da601fe799543f8

SHA512
80e96f5a7b787dba918f523fea87a1a45461a44cf6f28b27009bde247709697e617f453263f8cb4dfd43f6f6b2fe9e938dd487dd9e2c9be235eabf94eeb4628c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
31KB

MD5
7ad7f8b226329acba12aab120767031a

SHA1
1700a9c957a574aef1e80ae5a9b8de0e00f64295

SHA256
e780b4f5e426db26bb37add473fb6e21dd07a3bb2667be7068d39e18ba6d4906

SHA512
2039e35310ac7b98795e406407a417b210198ca01fd9a65a9d6cef778efa2f39d4daf7a669dad10bda62c54394183eb94d1f17afc3376589011938fc493f80fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
Filesize
99KB

MD5
b653d5f9b8dc18815e540493f916c72e

SHA1
8a777f750b8f1764ac561455242a00e7ad471ebb

SHA256
6c3afe16beb5e1d163a65ef422af118d812a88b4d5be5f38b5495a1c5a649ba3

SHA512
edd3e6eff3859bab04ce5ba77289ddbb1a71ec29a8679fa95659f2c69779673e828f7d4b1b96b4929c1d096cec8da19f7efa0dfa2b2f6ce517cf250f1421abb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
132KB

MD5
ed91d07cd5e43f34266788b4c3c5db58

SHA1
6bee3d7cca8cd0f677ce3635d5125069d97a341d

SHA256
d714741ff614024875ba7369e72038d6322940c4d1e5c08596324699cb08c048

SHA512
c490781ccab977e8045aaf063c3ff7ac53c41bf3498d4dc8b38c098e67720eb772b5cc57a0f887ac4d8afbe548b19e0d8f202648ec90ace0398d92cf6a7fe0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
243KB

MD5
0d2dc4c04a97fd331759d4b4f4d7e4cc

SHA1
1745cae06747f7777f809fa3220cca4a8210dd84

SHA256
b641d2012271bb75f7e82c5020f99d2ada0684651fc1787c70912b877b707bae

SHA512
e86eecbdba2de835514cb6a4ccde7b830818f4dd0c3e9aed17c6d35961bee2f53c2b488c32dde29a3aced6d032bdbae8106058ec88d7959076ade2f5ce1023e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
16KB

MD5
49295de6ccd23cf80b6418a2d209868f

SHA1
42a955b4560bb22cb9b5b39577f7a691ea345018

SHA256
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

SHA512
2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54035fa5f475b8a8_0
Filesize
38KB

MD5
69f322a4c6b439e524a06e5ae8ed5abf

SHA1
0a6504d2ae40031f1fb0143b7fc04c10e7cf51f0

SHA256
e6a0750a5925484add30269901fcff88d30e336224d494bd2d164797e3a46934

SHA512
f2856b148dc5f35212a0feb6193b8a47aa3b5f3da6b342bae7fe8956a093819cbf442c779ffb92b846024023a9ee022f3d5a5818f6b696862906cb85d269d396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7398d153da8d2581_0
Filesize
451KB

MD5
cc38346e5b6eb66e808f767e8d78dc7e

SHA1
5383ad75d6aef01603048c27e7664e42e4d21b7f

SHA256
6e336104adde0426756ffa0a17175d8b7e9e2b6a796ee62cea021ea63be4197b

SHA512
d89c486a9c66df5ae36d2cf22a8f11d7f241f4126d26a24f7a7b0808b40849df18bcc64a0ad0cb21ddefdbc62f883f8970767b38725ec25415c4d9a9c582e56e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74dc3b6de3802e9b_0
Filesize
265B

MD5
dec855116c6733fb518b7310b7ef04af

SHA1
bbb87b4208771292a917e2ba0a7a22d6e685aaa7

SHA256
ad5e15cd872ea42896bedd5ad97ffd5ee96b2812b0b645d28c7bee030a72329a

SHA512
5ebf580df71e9f4a169742ce56f5f3838478ea081bc1654e02093765a4a054a4fdf7a5b72513bef03b38a0f0961024f3599296b4aca90bc5316c28255b804206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f55e3366da51102_0
Filesize
256B

MD5
63c9994c32fe71af90a9bbcc8d26196a

SHA1
e9994cace54d6289a6a463cd1a7cc3ed12fb2722

SHA256
2f3ef03d19a5b1b1c1eaee68bbcaf532af388bb8a0b08b05b1acac2c78c763bd

SHA512
eb516e66e4e818c72638996e89874ebf290eaf635177c0d7a5bcfbba35110811c7e19a10a673c31e00d66e045e163edcaac1afce5c47ec550f060979df4645c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9fa0c2678bceb862_0
Filesize
385KB

MD5
7c7502e76523000492f42ed9c2a5aaee

SHA1
e834b458b9ecf155a3e07f7257c755a0e0701de0

SHA256
13c8bf52ab1a239bd800db5d7ff4262c3dabc95709b79341d07905c5b10c9fb3

SHA512
bc276c00445cbcf34bd1d699e7742788258b1a46360df1577177a3d34d7c92c89d241d4164bdb17a9d8f01d8a4e1501368323b1bcda5eba8c26dc7608dc36b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f0f2786b22fc7d9f_0
Filesize
42KB

MD5
4b983c4deff3a1021ab075195f1a3b7b

SHA1
5a35fe2bf38653f86590d2b137028b9ff8cdd803

SHA256
7c9cf0300b34a5b5a9b5a2dc83ff2b95097ca78259000fb409547e74d88514d4

SHA512
25d664bb5d690c05c28505822d3834068a8555d7b4897b67c97952411ea06783f94e8bbbbc06b2aa7531f0ec121b3cf997189eb5dea55bd7243f61eaf1b3fbb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
421e7368fce7936bb20957ac54b8ff17

SHA1
130b699d950290d10bec697557e54886cc6ef7b9

SHA256
a668ebe9a06115b3a1624393c38c4ef2081b88b4e524ffaa75311d23bcb00580

SHA512
e1ede0247fa630f6ff6d944d05a0abfed54f4b88a51d23b05c77d542784edf634b717cf88dbc7086212f9e8d00a237e975a39b15285bd7a0f3a02cfe1f25acb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
51c7412e8c0ab178c70a8cfbfd062b57

SHA1
3e3ab179b16d99d2b9b58a35749a959ec9300f37

SHA256
68c53da58401818db6e1f29e4149dacf13d48ba7c989b5ec588b58ebb2458b5d

SHA512
2f59b78fc976d466a764f8d4e751560148549893430b1c76340c469c3c107456afd1b2f9721e85488fe9b2ebd419285689e20709bf39121f356011f51e61683e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8def7a97c01cdd71f3f2838d828fc211

SHA1
95c9f583f23d5df6414d60b260fcf486d3b9cd38

SHA256
3bc54abf82a1fb31928176a1a90ef076a36698a5aea352aa53089a9beb0c5b8d

SHA512
f0479374fc58bafe49d94dea0698c235ec8044853a80e7bbd0352a1f138744cca5464bdd639b082ea6543247f22bee98b09f6d41ca8b35ea5ddcde264b633d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
70c12b68c050f183fd587039d6d3b853

SHA1
f572f021c68038cd415c2e7feae44e51117f9e79

SHA256
476ac6934716140457141c04d84735f0a21ee5b0ab6ecfde289dc1c447df7fdd

SHA512
6aabbc754c397a2b158a22a46a85019539602465b93e2d54d8e61240baff7c80698db37e7210ca838ce20074ba28939ab7e35cec447bb46795ae00a118b4b147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7ef476c744844d53c5bf553b05f7c3c0

SHA1
ac302abb552e00480b267270301324d704acb69d

SHA256
abad2a9b02a30b865410e09cc72dd06d319b787d7d90f0dc7f103091fa61d633

SHA512
3c08c26bc372bbe87f15a0ab94bd58ed17a726db563c22200755db9393d3257e779241f9a9e4140ff4bea50cfffeedce018b4a46fe03c11e06212136329693aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
0aabcd0153f7c909b2a9081af346fea1

SHA1
672fbd64cc2dc68009abd5ff93050777e267846d

SHA256
366343fdd554a397b6538123e8765602dd73736d4d8a0ce861fdefdbdefd4e2f

SHA512
c685c48b501e4187f5d4f70a327f878faa1ce6ec7e5e0f9eaff94ca766360dc350fe0f559dea0d5ecd340306bfa58c764245d20d365874fe0b86565d683f05e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
6990c47d15143d10d9499986ad5d8215

SHA1
664d1a577eef857a90796039b3de5848c054ddbb

SHA256
cee9e12dfd902e9287e720be875ca996275fab0915c9ff93bff00fcfe52bcf4c

SHA512
7f1abca0ee21e7182a7ee2034fedfa72ee3dbefee8affd5a00dfd1ae1cbb7b39a53ad00f0104c4c9f42a0e1f62c971a3efbce8d5db9aec2351e8fb153ea39a09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
3338f77545b146016b5ae6b8da2be154

SHA1
4dcd44ede4b64a666eb71560261b6f74eca65cb1

SHA256
8715b3444f45340757f27f92876f65c436a366aad3308af347aac15ecc2ba93c

SHA512
6718f8d5a41d941d466f9d2c0e37ebe45c7909dc5a00df6aada83b2bd926f5969c29ddab8aeef644c9dca0b3dc3dddaa95b140a95c5f374b426acf31f5733cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
f7624bda7fd508ac811d5636cd1747b2

SHA1
a0c6bde937d250b18d9ed82c3153b2394cdef89d

SHA256
e431cc9b721fa9af0a8fbe6c74507ea1d523783c000914d3047dc6d253979021

SHA512
da8e90c38a3977678474d974bc7fe3f874e356e05eb4833b7c5f12c085db3d1b5651521fa26c182cf2c6e1c8f4ac13e2ed226716739fee0b4aa0d0ad690b3f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
02ae5b70b3bc092bfbd76ed48140f27d

SHA1
834621dc8cce4a0d4bc16643c1ec2ea4ed7686e6

SHA256
45a1b7dbf923c7480975695b8c5df31a7eda2833954faba3be0262f535026253

SHA512
e07649a9686bc9a73052fb215734f8fa57fa1e22c532ef27e183eb85b056dc394cf3b217a49659013817d740349eb2bc902630f9cdbede875d85370e9a2b34bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57df15.TMP
Filesize
3KB

MD5
978e2cafb85395b3b08150e04cb89970

SHA1
4fdeeda9736600c4b3e5789397b4812cb7920896

SHA256
87296cb1c9b53600e603c4e3b28d605fde8865ddeb0111dfec6884bf316e728c

SHA512
907377a8cf130c0ee87c239cbf316aff1211664472f44294d598570300d240e19a8a3207901c69e7541b8099c9d9ff256bef58f9cb0e2ff618b92883489d7315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9fd466afff406f1be919103ee6bef01e

SHA1
ea5cb2558bf04b78e543e8c94c54acfa281d0439

SHA256
8b8f8fba3d38b85940f92e5daf3e778ad5db133bd520da1f07ac662b34694f0b

SHA512
3c39e7b259955e5f3275fefe9e5d1fb021f2f9992a0e9dd711c858444939e9b0a57ebc222515cefe5f40691205274549b05a1596a24ccce33b114aab700227b1

Download Submit
\??\pipe\LOCAL\crashpad_380_XPXEOJNJFPQPVUTQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit