3979e4ff2df1591f673f61c7f5fc1381fc66230f8db786ad49be00fb89c30655

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25/04/2024, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

266KB
MD5

17293fa164569f5d6e8b63c9d0bdf162
SHA1

e0adb475ee28c5a4202a498759d2ecfa6b361167
SHA256

3979e4ff2df1591f673f61c7f5fc1381fc66230f8db786ad49be00fb89c30655
SHA512

2883035863725d80113233eea996d7756746d313e8a572b1d0782600a267aa514c4ac8f06249086b73ebef9b1fd59de42c31088c26cd8c629dc1b0fb46f2f922
SSDEEP

3072:Ni6gAkHnjPIQ6KSEX/9H/PaW+LN7DxRLlzg9r:5gAkHnjPIQBSE1fPCN7jGr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
4876	msedge.exe
4876	msedge.exe
1956	identity_helper.exe
1956	identity_helper.exe
2260	msedge.exe
2260	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 2888	4876	msedge.exe	77
PID 4876 wrote to memory of 2888	4876	msedge.exe	77
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 760	4876	msedge.exe	78
PID 4876 wrote to memory of 1592	4876	msedge.exe	79
PID 4876 wrote to memory of 1592	4876	msedge.exe	79
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80
PID 4876 wrote to memory of 4948	4876	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe8fda3cb8,0x7ffe8fda3cc8,0x7ffe8fda3cd8
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9600 /prefetch:1
  2⤵
  PID:6208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9864 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
  2⤵
  PID:6356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,15036206468777716070,9039432769907420403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0fcda4fac8ec713700f95299a89bc126

SHA1
576a818957f882dc0b892a29da15c4bb71b93455

SHA256
f7a257742d3a6e6edd16ac8c4c4696d4bdf653041868329461444a0973e71430

SHA512
ab350ca508c412ff860f82d25ac7492afb3baf4a2827249ebc7ec9632ee444f8f0716389f0623afc0756f395cf00d7a90a0f89b360acdf72b1befe34eecb5986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
21986fa2280bae3957498a58adf62fc2

SHA1
d01ad69975b7dc46eba6806783450f987fa2b48d

SHA256
c91d76b0f27ccea28c4f5f872dee6a98f2d37424ef0b5f188af8c6757090cbb5

SHA512
ae9ba1abe7def7f6924d486a58427f04a02af7dd82aa3a36c1ed527a23ec7897f00b0e30f22529e9599ae2db88e8abc7ba8013b426885aa3c961ee74678455f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
73KB

MD5
9b85d55917fe3d4462fcb726ecca5417

SHA1
d3fdef0bca758722f4ede18d5acde12864c76830

SHA256
79edd35aabcf902620ea5167e947d2385c6562cb70c9be420132806c58b22add

SHA512
df9f3588f0c0fc5a002113cc3cc501e62016d105b4d3e644a2f2c5ae21a5a431ff385a2395692288020eef67853c11b5ecf46eb8144e2648e3955177ea9d39e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
62KB

MD5
6e8834a3945e6e2db4bec98445cf2267

SHA1
2d5300fff3e83ba0624f83de12bdf4bf1f9e9bee

SHA256
5960ba2a57cf6f6297c7eb019c4bed7e1fc4e9d6230ee9c53da601fe799543f8

SHA512
80e96f5a7b787dba918f523fea87a1a45461a44cf6f28b27009bde247709697e617f453263f8cb4dfd43f6f6b2fe9e938dd487dd9e2c9be235eabf94eeb4628c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
31KB

MD5
7ad7f8b226329acba12aab120767031a

SHA1
1700a9c957a574aef1e80ae5a9b8de0e00f64295

SHA256
e780b4f5e426db26bb37add473fb6e21dd07a3bb2667be7068d39e18ba6d4906

SHA512
2039e35310ac7b98795e406407a417b210198ca01fd9a65a9d6cef778efa2f39d4daf7a669dad10bda62c54394183eb94d1f17afc3376589011938fc493f80fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b0b1c723b39ea948facc7655a02535ae

SHA1
e793fea59395c4d11152392ae404fded9f08a2c9

SHA256
8e494fb9a92f6a47ff0b4e342a4cf0d85a8479ef8af4ebb6cdcf0a8f4caac98f

SHA512
c437cec0d3596cef529a704f184542bba64d8b8f99c2779696f87efa325c99cae871735428b8ab177cd06e7ecfcf4c096b13c46f40118e756ef59f474fcfdfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0f42833dcd89854847b314d1f9be19b1

SHA1
c8ce59391d3a069868411739297aa0dc1da4a895

SHA256
0a28635ced090e49cbed8ec79e508c0467efa8e0b48f5c174a642ccfbfa55411

SHA512
5b32cdf890fe22010f3263d6f881889bcf302b7fecfaa375c2df9e42ce75765aa300eeab73cc30f1aefb761aaaa888c359c816d66dbc06a90c4874f27199430b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
33717ff9d63c6b52fb1589c2cbffe780

SHA1
ca15f3e2fc025d51f88ea0fcc61681be680b4f40

SHA256
1cc595603d8ce2cb244cf7625ac040664c37dd17608314e394a5272ab81c5bbb

SHA512
97242f10a99ed733402e7353f2347286f216b387d403767d1c06990cc221260ccdb01d9c9e358f412594dc386d3e04f7de7694b5ea6cc0966a773d11170760b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
47d88556757d304ff9c219d44cb835d9

SHA1
0e53f5fc8c9469144f080ff0eeedde760cd1d64f

SHA256
c586e6584fcfd8f7bf82c7459781664a7387bab4dedac3abee4e58f544313eb7

SHA512
7cce71b5ce8840941737d24ff6d0b653f3f255be0fa44a8a5b0fbc52c479a76a4fe73858d7d723fd8a0157e599b7775031c5f2052623e708f1b492e97297add5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
b817efff65b169e7ed31848a300e541b

SHA1
8be42bcdaba107ad9c38097f1228eee097d11fd4

SHA256
6d919caf4de8030336334de1ad85ca57bc66628d1be5ee134f1c171cfe5d687a

SHA512
2c347c6224a6ec56a77230323eaf1881f1d5435eb503b9d5dbb12e057c46beaa8dd3c826675d10cf1da3996f1d528e557bf721045e8b3da75c7083bb7350b0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a90166fa81ffa413bb91dac1fbefa6e

SHA1
048523f021eddcbd51928d4c6c86c64161264f25

SHA256
30279386182d2b8cbec780d6de4041a0a0c132b3cb2cd8af773f5512f9a24440

SHA512
0c2b129b14e4ee9052a7c8ba6172b8513abdfa88456a5b5cb4566371797dc9e404bfa84ffcb76976eb87f715af044e97e6880f6fa94cdcfa2313deffc73ad1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7bd51d1d3d159494a1067aed2026a663

SHA1
d3bd6e24cee48f5ffe1740a761bd01336a45795e

SHA256
61f5fed5a2f0015202df8de91cd7f49b3a3f50c67441944a3305374ff4db2c84

SHA512
0394eaccfbbe47ed307c451693540ac0366983e666d0c86478536c40fef0846b7bb9cf868b28fbbaef57026e52a6e7578e587681c8185e683f050ee34faac58a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a10a31550d7fbb4de1f797c1247f2e00

SHA1
5eac04d34d6de95cce5554796ab1ba44aea485bb

SHA256
ac500dda5ceeaa49408854334f49ea18afc76da9a040861013bd9fe262af87a6

SHA512
52f2d2d52549c0a40e01b039f7987538450509e620a4527cc9319805701cdaf84fbea008bb28d58b447073ea022ed44b6a29866da479e6cf680b9c95cb9a57f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
dfffcfe4568ecde36aa0be2bbbb1701a

SHA1
333d539eea01c8e58eff1a8e85f6c967943caac9

SHA256
37aabef3f7169b8257109cbbbd89c223f028d56105a90c62ee299a0e657e09e2

SHA512
11e01af1e5fed9137d69a42592f1eeb9574e332429f26529cc4b5c441049a146a29e17e9a144a5f115a0784a1887f3679970b196aefbd3f536202a932887c867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
8bb73cebfae1759e181939ae7eb01345

SHA1
cd4abe5f47652da6a193d11f29c6586f4ad062f6

SHA256
93738c6ff07fb93f4679fe3fa49f0acc864c738d8d5c833675a81bffc8696e97

SHA512
8dff24f41cb64fda617648656d9e9b998adc9e7dd30a486e0b37932729938f3819d426bbb8ec29ca9dbea66e01c2e83500e93178e57fdc92539d9200d848b430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
27a204c6b85af04e60398d96cb8b5a97

SHA1
9885b9b1c6d4cb4477c1fcb5a9073412622b3f85

SHA256
724fe66072a92b24e4dc97547ed452c74b1fd1710364f112012003635da8a407

SHA512
23604a31b5e8a5eebf8041611e8475fc6def935e153b2bfb029524c4c59b37b36e32dc6ddcbe1319be8761fdf5b28d4d187dcdcd8c9ba21ac8137a258d4a26e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
86bef490191f93d254dead509931819f

SHA1
06ed6f0ea18a22f3c86705d98e98ae102cec8515

SHA256
539d37ebf64ba458bbb5d70b8b9c0b272061ff02df39db31fe46754828ad5931

SHA512
5c33b2b8e87db4905513b76e403ff28bcfdaf5f4f92741be5cfe411c1e46b19c2153a66cc7707ffa7063527e53e0e2f334338b144119f233f78864755e6b19a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
89f87f9bc5e3009d9235899871ff6107

SHA1
f6f146efdc449873754ad812c05e392a388947fa

SHA256
5e6c6d9f0158f2c81b25f481630ea8973aafa57d410b83d5fe0a9b4db2e9c74e

SHA512
d91fa70d5973823a6723f5571d4dba9751fa838f806756d3d68b869bb3237d14b282fed97785c63fe185c1d09b56dee1f4d3325b802adf38f7de9dd34eb89f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
d9854ea943b237834aba58c75077b171

SHA1
4a6221a784091ba117dc17a0460a7631b18ecc5b

SHA256
3183a0c67cca0ee465db642100d349f877b9090bb51d7fb007f6b71e3add01d0

SHA512
1bd3022ac67725dea55afa62b8b638ee7da9550388f3218ff1b96741401f70fca7597c6dd3f2d588012adc36f24a0242f2db3bcde0acc6e9fd08e6eff53f3f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b9de86738c7314c52f024d587cd0fe7c

SHA1
a9767ec27dc191352c2e5bc631c48239491c35b6

SHA256
e8f89993dc871bab4a52798f5c83f5f708f8cae50c57e57fce3627d8b9808f7e

SHA512
873336030506c17e7d844995f9fe216369870689b7a2488d8e93eca5ccba2bc707cd0171f3f1ca2cd90581988d3e379fcd18e2ba39b8a200f6afb86c3de8aade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a3caf42850415a38539201e1540aad8e

SHA1
ba6328581b2537cfbd10634e3824fe7053308591

SHA256
4aeb74ff1f3ffc892d2e9c3b6e7e2a8fe70edf343d285a37e0a8217dba999c66

SHA512
fd9010519a313420cd42672d1f2e505e2a1b8b9737c098affceb550c56205ca49325b758190f5d061a86a6d1d8a6ea99d9b8766802703059de18386f73cfe987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f482.TMP

Filesize
538B

MD5
cb8180bac82f7f1fe7b67275ec33b941

SHA1
ef1d518e3d4a8f07b55a3437d94a2ee2e6720424

SHA256
8e6695254b9650e192acad61afc1f47f3ae9230b53f320e2c4bb0e53776aa73c

SHA512
1edb9dc31323a9481a5e975410d4fd02f61bb42452a3d0da2f44c601b7dac3d8fe84015a4bb44e8a022309fd1f01a99359204311c2d566b2a9d5d6eb8155a73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
01be121a9fe759910308bd6ce07bbf75

SHA1
59b6c1e2ef5d2e7f416b5c9c1d745fc4f72211d5

SHA256
365213401a05efa11f00239138c01aaa335a002043603def9addf288e16d80c0

SHA512
aa6afda2752f556e3a695636e87ebabadda1389472c486c71555301d3e8591e6ebc4b7b07d3f38a0e60d710b32082391924db59dfcf976d0a0a4aa44e6b4d76c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ab21a71310013dab61b49f765193c0a

SHA1
84dfc30f9799752cb0dbcdf9c9295281505e9463

SHA256
6cf2cb70f1e0d19568ca3089af48e590db646941d83bca660a13c0b2f46a54ee

SHA512
a23792f56480a66cc2b4fbfed75e19395c06a132ea9a29217f7e328c91db9836dd2341bf6bdf0055400d88eb5a56cc31d28ab9d3f6fa0eeabb02e39f23e9c614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
31a792786af887ab29240f5c4660953f

SHA1
156b6ef3f84384c67538e4c1fc8d71d92d32d20b

SHA256
ae750a4907e5e1baa1ec4e29157b84b98c25e87c4f5f5c62599f7ecbe391eaf9

SHA512
fa7dcfe56f6286489f7fc150577f78b349fd846d1556e23d8dcc101aaedf083eb88a8b09189facc482ef6aea0941a593eca26f06ed91ffdfb331802eae099b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a29552c16ab38717958a3909a4bbe892

SHA1
9a00e5a6162249d77640729b6f4387f47f393439

SHA256
d7b322a5feb91f43ff7d440fefc7c5f8f3110740e992a8862a4d4df796e5521c

SHA512
730fb96e45fcc5df311be910137cabf3dea23d274cbe64b3c6c592eb0f74e95976dd6b794c2aea5335eee6c60a56714749572e6a760fce683a3273807045920f

Download Submit