3c856e8fa3f4e9d62fa303cd75120901cfbb694ebb65a8fc774691d8aa5db372

Analysis

max time kernel
240s
max time network
285s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
26/04/2024, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecureMessageAtt-1.html
Size

14KB
MD5

afa23de3ca0dabf8661563d0d07ed9b1
SHA1

6efb905bd0acf0a2b4f404e2a60e94e1e5e200c4
SHA256

3c856e8fa3f4e9d62fa303cd75120901cfbb694ebb65a8fc774691d8aa5db372
SHA512

5bff7a35b12a4e01939030ab78452fabd72401e583053218facf312d84d3b24814c9880929f4f254d6e3be2fc8e1c9d7ddba86b51c4291ffc1508d3830bbd4d1
SSDEEP

192:CFxhm4P0FP9TwRJV08VvGaFbFA58LInsollLbJRTlwtE9wEbI0UyaOuuktSnjee9:CFmxTwRJVvvxFA58LInsodhpbvUyVgXY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718508534-2116753757-2794822388-1000\{D7E7EEB4-E857-4A1B-BDE8-194ED988BF59}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
2112	msedge.exe
2112	msedge.exe
1988	identity_helper.exe
1988	identity_helper.exe
3992	msedge.exe
3992	msedge.exe
3520	msedge.exe
3520	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 32	2112	msedge.exe	79
PID 2112 wrote to memory of 32	2112	msedge.exe	79
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 3368	2112	msedge.exe	80
PID 2112 wrote to memory of 1964	2112	msedge.exe	81
PID 2112 wrote to memory of 1964	2112	msedge.exe	81
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82
PID 2112 wrote to memory of 2768	2112	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\SecureMessageAtt-1.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffba003cb8,0x7fffba003cc8,0x7fffba003cd8
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1332 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  PID:352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6724 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,9385963024641022351,11641031125606124100,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6448 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6e15af8f29dec1e606c7774ef749eaf2

SHA1
15fbec608e4aa6ddd0e7fd8ea64c2e8197345e97

SHA256
de9124e3fddde204df6a6df22b8b87a51823ba227d3e304a6a6aced9da00c74c

SHA512
1c9c9acd158273749e666271a5cdb2a6aebf6e2b43b835ebcc49d5b48490cbbf4deddef08c232417cee33d4809dec9ddac2478765c1f3d7ed8ea7441f5fd1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e5a2dac1f49835cf442fde4b7f74b88

SHA1
7b2cf4e2820f304adf533d43e6d75b3008941f72

SHA256
30bd1e1bafb4502c91c1fb568372c0fb046d32a4b732e6b88ce59ea23663e4ce

SHA512
933ac835894ce6cb8aac0261153823c96b6abec955173653dd56e534d644efd03aec71acb4f8cb0b9af871962296ec06cd03e570a0ac53098b8cd55657543786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4422298e-7eee-4d0a-96e8-1115ea22d250.tmp

Filesize
701B

MD5
c4825fd7670bbbc5348d3c27b1a8551e

SHA1
bef098fe583b93c7a4e1593a09da574bfd825e88

SHA256
ceab6cbaec437dd5e030ca640226d786803a1fc93a536031937bc69f4247d392

SHA512
060a3e24021ee42d878f0df747ca77400e4a69963804f584b09140bbde0cce030c5aef10fae4e13b43d00b2fdf6ec23505616e542ddf8b890a9d67fb523956eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
24KB

MD5
6c9193eaca3f3316140c7a96d8e2edea

SHA1
853589df20768e14568c2a37177f440ddadb95d4

SHA256
4e4a1edd64e32c55bb71e49fddaf41ee58aad04bdc1570a93a89645cb3c09895

SHA512
7bb0e6178dcf0bdb7871924a92af01ca05bd37bad50c9b7fa256115cb6ce5906d6bd1018d812ea5462ae434bdeb2c7c470238f795495e28bf9516c663951bad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
91KB

MD5
ca00b2bd616ffc3c6041350a592c7426

SHA1
ea082a42f3bb7a907b5a05e1e5ea5f6b967e3efe

SHA256
19846dea837aa2a28869f608db27827473e96713c9de87ed94906af0a928ddc2

SHA512
e18de16bd4f1c2cefcb9e205a5daf48cb60925961f3f6de0c4a93529b1b9aab2c49f0e6cb08f45da673152c8a333f622002dc229172c2fb804c8139caa5c21df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2bef44516f868c12ec5adddcd0718e17

SHA1
949a395efae9e1f9863d5d9b6e262ec7c34b53ac

SHA256
7c62ebe06b5c412c31278bc4cfacf49236a81dadc97b5ca1b6d5b4c13119e28b

SHA512
e2e943bd36a45303009bc0762723f0493ffb7c8f0077451ab7f07994f0caff987c975cbaeaed7c6fd39b4115e465873ce73ad51164d7120116763c4ea616ce12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6f1cf525c999c2ddd42e6813dcf8aff4

SHA1
5d53142d5a407bd9f5fd06ef3dab8597f3e06781

SHA256
de14fb33aef14f1844f2f66b2c59c9e35f4ad4d5c845f078c2919ad6512c0a9b

SHA512
150b2dfb63ac46e59eb6a290d2592c93ffe49aac44d88a0bb3bb791c44bd9500e043695be13c84576521b72d451ae7b5f67cfbc197fa7c77729b909584667b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
88c33da10ec5cac34a4f2fa6ea9de078

SHA1
f3d91e7bb816266c342483467e96285c2adcdce9

SHA256
d837cbced86ca269de5613cc0a21530294d7b3a3f895edc6475faa4da16fb033

SHA512
6fa7ee843d9c5e48abf354eaba63120c4e7f51f63699af16a85e327766f7865c2c47fc1b0dc530a17e8a3fc450af9bb95fc8ad20fd49710ca09ce7c0470db9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2b7acdc641779afd313e752382a029b7

SHA1
783eabbe493636ce8b1ab58b1690971cbb620b46

SHA256
c1060a8aa4c72acc1900288d76f3963df6ef2d9e24a632aed5b8692adb9a3fb1

SHA512
3cdb8a0ca61f2366b3bbe01c398d9f33e84a9ec16fc41edc126ac6d4e34655b927f4645fcedc22a2cacf9494821a5163b589eaac303aebdec4399e1e31fc75a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4413de2ccd6e5df26df7e4bc253f1725

SHA1
be701c5af5f3c3e08e24581376053502ad19531e

SHA256
8a0a68194fb5bb5747de2118088e48df701da56ef909b96fe0dff2994192cf39

SHA512
03ecb59e11b58989963f59f1089b68f2acf0e1b6db3d1619d593fc21e0390adb74907275bd4c8438fd2954ab55f8679331573d11a22a69b186dc3f2e2b2e6e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3cfc6deaf3777399f6ea29618412b513

SHA1
b89fcf4584aa22ab9ced873bdbd62143e59fd684

SHA256
2ecdaa4a5af3d055917d1a9ce58acf125a5234532f41553ee8b4059c35a77cc8

SHA512
fdf5d6cd34aee1bf1c5dcff3852811283df624250b5b8118e4bedd8fbf887eb693621e09e0f86398a5d8a2b3b3973c8ae148c14c149d89c653c9a277d8f448f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
007a44a040f322ddeaee547b644b7470

SHA1
d13768b3faa810af409beeeb1a0c39b97e20e47d

SHA256
8d212fe7098ab8326ef1a5b72346ba806f2aced9e1642768b9750fb79e7c8e36

SHA512
afc59efc04d238fcc08795f08a126dad8bb0b3a4752bc3f80fec8e8cb839fa468892fd268c3db75d34c3291ba7ee9913795eff5ae74768a42ddce45179e476ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3bcc8981975a3018d3cb3ad9fe552453

SHA1
8c89061bf6f9a8b2f6bc8c219f5181aff986c83c

SHA256
6d4fe7705a62f95bc36670f9cabe4fca84964a2e5aa58232e039abc41f36c929

SHA512
d29e7f24792044b4fcd171b42c1bf3bd76f87ed919c79625f62bb839b0cb2121cdc776f420bff00d16cf3b7381b7a075d7cb41ad7d5c1da7516103a548c7ad6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eb3fdb98356d1a339519e72fa37159f8

SHA1
f6f5b22b18eed7996ab7ec05db586d0b3e3972e1

SHA256
f47b9ce7d8f79bfd47566d97f43f0930fe34d104ad0408481e67a88c62509e97

SHA512
e64bb449a3c6e219f6cbf6af3fe5d827eebee766b5ec2a7ca88ac93d5b99483764bf7daff71631d6e566cd1280650c758d9cc2b521c98b1c4e7bff64b3e94ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d67e771a641d7e55bea620e2d37012f

SHA1
d75703d54f9c8fd3f686d30dd80de7bf945f99d1

SHA256
72495d20a6ff821ce5689033e8470d7431c1479646c7e0bcfe5914b5aefd7ba5

SHA512
91711f5dfe107e3fe176d0a6eb68e6bbd2b60a5d73f8fd862c0f766dac750dfa075963642842408235c4771cd1118e6fcf1140f592e71c212ababef0cc7951f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2fd980401e577147cb58ddc7a9f4320a

SHA1
5725eef83ce938d89525f1caeeb4356809b00532

SHA256
3d94fc6d7faf4e05d6b7a7a6cc2560f36a560607d1aa9636683214e6b78f0850

SHA512
9e92b0f2c28337d00e6ba9feb893f158436c2d9040a258a209766e0b66f38f29396651d962ec9d39281ff4e388cb91363b655b091ec43fda0176bb3f783872be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a71035464a14dcc18082b87a9681324

SHA1
8babc45934945b631fa158aa700000de4f36c169

SHA256
93d9599ebb018cd2b9d895075a2252fc92d8c524839178bd12a3903d776f06d4

SHA512
900bce914098b19475af997c8bc004252ffa4a98fd2b701c3bcc5c6e785c3814263dace2093c6503e7cedb2747358150ef7919f838cc00a69cedef06ff972324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9fde2db5c533164b397201e6ed4f713b

SHA1
e1cb40435b5e1229cb97aa1cb58532d6c16d9af3

SHA256
f45da298612f8ef7c5190f5a0eeea104f651c7b93fc878a2f150b04a941b1e68

SHA512
6a7fd99e95cf798316059486a473261c69d44c2a6fee28068aa0624913dc6b4e914ffbdd70f564f0edac991a2495272909fe9b08804444210c26a4e248b4ee55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2bcdadf20f7c00ce7c736cd5d8c299df

SHA1
063ffc3a098c84395f9263414613772c2de7cb4b

SHA256
abdba526355b24844ce3218228b0a3a45c92aa17d02252e3b799206b213097a0

SHA512
a52dfbbaa2be66e3687c5039f5bc767d2bcc0a6ad2777f1cae3350b7b2222c20ea1057a62630e282ff01e8a0d57aacda7b915e3d60f02b3ff5c2129e4c144252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
79d09171cb2aa57f1453dd77ea76c029

SHA1
cde657216c6c201dd5f6d9d829672c8d280da51f

SHA256
fe9399b798e452dd7b8b1d8e09b8409b2f81e6601ab1821ff239de78f70beaa4

SHA512
81901b92d775b14acebb5604ef5768b27c785f322e38ef6cb60a05b127a6b36fd9662d6349629702718c2e0fa42cc6e1464466c5becf5bf8becd187aac9be4a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580a9a.TMP

Filesize
48B

MD5
1d3acf5c3e2d36686f2fde57fac7d60d

SHA1
01a2cd7f84ceac2896a9b959c2203bb3523da9f2

SHA256
2eeeb6d8891e4298cca68dc7dddf9c808edd8ee39afe0b3a6d4c978adfae7f32

SHA512
5aa6dc86d83230e38d0a6333d05076a82bcac47658b7898eef98e149af7b4e7f70bf40e235c2ae01761d29a497393a86dfc8851d1f903632f988f76e1e444ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
281a9724ea7b715a4795bf4bdd0408fd

SHA1
900bf52bb83ef19928ad457e89561315045ebe87

SHA256
b989523f4e3beb969b17dfabd8e2ce0d2c2729ff4229c03fbf2a3166e7f13d2d

SHA512
e460e31fa6fd7bd45ba2fb17b2a4926a0898b9ab3fec751bef2284efc881b5d905061ed01aab8b160b5c90e1986fdc0f26ba4706e0651f57abd94a49d768b001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
946a431a517c90cd940020100400493f

SHA1
5dcbf599962eed13f5c50e4000950cebf722bed0

SHA256
90acdade8c45c37896bd6d818fe59756b7d05d717786a3adb874e42a60545476

SHA512
c073214f8c502ecbde878d778e9b79b8306a0c46fddb8da3408434348cdbe65f3f816cce1c1043109e5817c4fa2c7b21d6089c26c5c1f9dfcc4b36995e5fe64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
f191ef5f51be45d33df903746a26bac6

SHA1
d3c1fda5cd46cd9eb8c795248339c9fdaf9ea0d6

SHA256
88977c5ac05cc3a70fa165c84d86c850b971340ea53f543eacec8b90b3241066

SHA512
6ee01e247f23751f9aa58d0aefd1a3183f836c0ddbb22b9215bc190d1064cb271a7e6c226f7ecfe7c92fb3df4e02cb79041fb19c62d8f24cc1b59f7e64b57b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
a91152791f96f1300da364592cd10424

SHA1
329e0631482c6c1e98a36b18fa6513b7d079993b

SHA256
a7ed58f45307095e5e19208b022afb5ca04d931ef0d5a24d55011b88096d349c

SHA512
787f8e3841f62c790c9714c500d652f57458eb7ce74ec453e3a6856b724393595b6359d5487fd031935a69845f73ef37dd96fdf04fd8f5f72060d36af13bcb93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e28b057a6d1e387ab37d3dde8d5ebb91

SHA1
40de08043ade30727970321c24b83636c30527b6

SHA256
98a192e055a15887e9b004a372b3ecf563300e28b03c1c6fb630eee3ea375253

SHA512
7d1c0f05b0439c4bf224131cf93d58d53a3999a5469ecf44c666cc658d5b58825790f11be7886e6072595367f111352a7094af71bca1f12dea6be1447964fcbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5cdd9ec2f7c8b7f8f697aa7770a6255b

SHA1
f058a29a335b6630e748308009de1bda15127fe3

SHA256
6738096f075554df885a3863e7b98ba5f0992ad2cae676af069330c48aeaf144

SHA512
3f752411f8f0dd2543ce3231f578ea9554a17acb5bb36ceb323cc7a7a965025cb861e07b13be6257e31f3099285d15de3b3536aad6e93a2ef6f46db156cf1bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e9e2605720a68748fcb58cf417c8c272

SHA1
fa21720106bf73876b7ae6db4f4fe3e4739fb347

SHA256
9733103557856b378d696a4bd723821d52ff25683d842c6c6419e377c634e604

SHA512
4bd81432b79e96e439b4bddf74e69f090431fef29f30212e59d50c0ef4f553813669cf53c2879b8055167b32957d6bf7b22dc2527572c0fe00d510257d31343d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4cf8b05cfcd3135186d57ff394f13005

SHA1
a21eb6a3d369473c3784c0ee99e83fb598d65e12

SHA256
6bb0b99d5246fce92cd6d8fe1346129fa92b87e75abdb68bcd8f3f0b2f4194e7

SHA512
517e1bd71354d9b6702938bf035f16089e563843a6d94c2635294e342af84553024b57271a236a7722b68455aa1996b5afa45da738b284d9c1cbdd264f49ba97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a827.TMP

Filesize
203B

MD5
b267b6f2edc13257c3e66089f0f32734

SHA1
d205ba97efee82e486674c27f7b0af5dfe6e4ad4

SHA256
9e3fb9853b2310057ba1d2ea2222ea45d08be0266e459e290a7bf2ab671ef7ba

SHA512
6216286cbb26b3f3d938f01d04dec064086488777fe4904102db83ea778633494ed7f6f97f6319944c42e82660022e688c3c812f66fc94770159934f66bf487d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
84f6a5ba8b87c3ab50303e06a982644b

SHA1
b63e1f6f6a77d50ff7dbf67f5710becbc0a36ae3

SHA256
c647870e3d032d2006bab5fe6045ad90708987ae0f5f315ad76fa47ea2491b5c

SHA512
9841decdeadba2e23f2ab41d30d2cb0a9ab761afb9ffd0761b20df590de2b1d8c5d8b6d141b2329fe0c8455667d4eb9f77c72c711f820bf14bfd406a9e8393ca

Download Submit