hxxp://http[:]\\discord[.]com/login

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://http:\\discord.com/login

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
75	discord.com
76	discord.com
74	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
246	api.ipify.org
249	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{49206C89-CE97-473F-937D-7925545F364E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
1416	msedge.exe
1416	msedge.exe
4912	identity_helper.exe
4912	identity_helper.exe
5720	msedge.exe
5720	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1392	1416	msedge.exe	83
PID 1416 wrote to memory of 1392	1416	msedge.exe	83
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 612	1416	msedge.exe	84
PID 1416 wrote to memory of 2172	1416	msedge.exe	85
PID 1416 wrote to memory of 2172	1416	msedge.exe	85
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86
PID 1416 wrote to memory of 2644	1416	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://http:\\discord.com/login
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc374346f8,0x7ffc37434708,0x7ffc37434718
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1080 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17804245339241596515,6857082163035286556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
39KB

MD5
8facf4d1ac6ff2520d3f9536ec0ba688

SHA1
05a661afe1d0f83e9566498cb4b895f1c90beae7

SHA256
a7d8fbd8a9794a97d9ea3752e450a700c2e295a681b4fa7a21affedc4fdb1a9c

SHA512
2cf271954eae3bc8766c3e19215732ee46591cbc3492b24d96cd26376be64dedb711c5d4962377b559b37c097aa267992ef380ad02bd5706435679076805a1d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
1.2MB

MD5
b76a36f694fd69b229872393bd33b65c

SHA1
710ebf0e68bb65f2faa4356abe17f3d164e8b943

SHA256
1942ea4d2f0b066d0bbf102d25490e01e3843a204b2cc3cf2b721a7f7ddb9712

SHA512
8e4172f38b9b32658717de15c38f5b0c4dfcdbeb73424e6ba4f08981c868fdc240eb5776452f0a71395df2d0bc441f3f88ffaead5860fa672d992a94fb868a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
29a2d50852326a066e99f78800ee98cc

SHA1
28b507884f3729848fc956b5305d93fc3f6960f0

SHA256
3f5df0e5771e22ee5fc12f0dbdd8d60e5f9d7589fb457c6fee4c7d270b9c7587

SHA512
97a4b1432de7713f32c2dfd6ee6410f6da64285c587b7d0c5744ffac31984e02a252cdc248e52c5f08db4bff7c86c5fc3aa10783635f10e7b4e22d034ea1cd63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
bfdd05eebd6c9017783213a6672d498a

SHA1
dda749c0503b47dcc27d01951b00478b860894b8

SHA256
7071fbf44e27cdae646c8701c1970d0da45b947a2bedb350094b1316b55f05dc

SHA512
262f0fb8690df8b93f438298d87a740ae27771059c17aa3a8ff590193ab9eecb34e10f2e53c8367b29f9a2ff0be9e803863d52a82ae13af5bd76f9e584b16684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8926e979ac994e34ebf6446c4dfb70b8

SHA1
2a5d87cd03c6409471809279fd9b7736e8d47371

SHA256
1a036a5648ba87438573054b5dd907a16fe229ee692afef7a27c67a88706f277

SHA512
bd6d9afb273a683491289bb298277535c6f61184823760cc750f9b4e3ea55ce79ced346f032209c8454b04bfc73cf984473df0df33896f3f4aa6a8691b9d4702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cd5bf52a493f59ef9f21bdef6e9b4a28

SHA1
a3ecac265d95554641379315e661f085c2c37fa0

SHA256
9519b3f4dfa861ba013d4d6cd46cd10c6721ff373b1292fc930214f12e48be7e

SHA512
f6e0467b86acd54d5ca3bad49d5ec86dd86bcbd4ef631b6421bda67a05ff06445690a9271533a5023d0faebc6d7f228bf88aa6d029a2938dc1755dea24be2fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b4259379b359295845202627f23569e9

SHA1
1711a2aff59189fd3f55ea1c2960a2505617a33a

SHA256
21c7e94818cf26c1d02ae1ad6628ca38ff3f99998fee6f8a91e2d41085a002b1

SHA512
3e9a67c7d055d78e1d2c1c87f598684b322746515d775bd52227eddefad60113b5ff26dc39718b7a1bed808df8412a10af797259c46de6eaada9b06edc7082d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5afe7e1b6927d2eab1917e78450fd776

SHA1
50429e4bf941aaf1576d2cf04de1cc149b403f53

SHA256
5a2257d353f9c5294085fec0faeb33a3950025a0b87ab9bb8a2372a973b5d3d6

SHA512
a60abd9bcf58b3b4cc90ec2a8499252939be260622132bd8aeb327dfb16a0c50d30c4e829272244f384871d880a365bcc3f768145e29250d13d1e343f30d6614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
161eac2460ec6e89ad46b8f31f089170

SHA1
8d89a4871009176dbe1f2fa1b6d309365ab212cb

SHA256
ea865b71f7792ebfdc999c20c10f4a4208689162bc82c594c0e28a2d4e8752ca

SHA512
69f35d71f120912ca6fa65f806e3b252d5258d810f400a783da6200abd9c49815a84b0b1bed05100a8cc3ffea3ced7c5d50be97319968a4d6cba76ed266d3aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1e3820a5c38f9491be80e1f02a788b1c

SHA1
6221119cfcf7e05149128dc7a4defa14cfcaa45c

SHA256
9f3e5ff08415b4802f6d3df408636aa35746cb040fb91422a3bd7a34111b3c4b

SHA512
25ddf828d3ce0e641a5a1c867a4ea325b589a23cb5d930b69506c8603da063cf31edd263f5195de22818f6e4a20986b605d9edf5e952c418caae57d614290420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8542b844ad5e9a2c93f3535564e92436

SHA1
49caac198fed6b196e0ea1aea61e7566276c9e8d

SHA256
dc49915d0a2a7024f7cb98cac30383b7bd103935094cd24606ce5edc3d95cf39

SHA512
f80c323544f4590b6a704d4d4b008eee2809f80070d8b9e25cebddc9b86f0c98c433100d25a341ca3a47035b1b5fc841a7e072325ab62dfaec713253008c4861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b08648c4bad59712035095c5657d7fda

SHA1
d6a8fc2a3a6616d25bec591447eb56493799f081

SHA256
9e8a2b1b4ec466477c75e93fdeb152d0ad1e190d1e1a8cb690dd7f5ac6b172ee

SHA512
ff88a8f4ac0d765d855c197597f7ccf3eadaef621cd49ddca4e8e5191cca3c7ad4c65214b6d2cab0a128043666cf065ac617aa51dd76b0dff4731ceadbc01c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a13e3b2b4776a97a4e607df8cb0e50bf

SHA1
a7e067cd7a0d1dc1baca48f30db06ba3fee17bd6

SHA256
49933fedd029d6e512abb81ab50be800c0d3913bf1b199700dbaaf49ea4b3275

SHA512
cf0b073bf5be51c0e4afdf77226004ceae13ed4b8ae287a3ed60686dddc3e3a1efb9efca0163a3e0ab79259307f2dbcf8dad1eb1bb92f87c412b2f209e93b6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b1f20ba7fcbbc9c6c839dfb5433d5085

SHA1
2a3dcbaeacaeb09cf64938ca0446019fb069d255

SHA256
3e90948b4c9091c96820618f295beb795be7f8d0c9c9a3c811a675d94a37a949

SHA512
e70d0cd11974e4da4ff578df81833ff13526eca8dc3145acb72197061b638b93f66c2551094fa3ac304b835253c044b2e384f26531f0483d0b7a852c69b16986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
46a8508484ab78572aea4483c1774442

SHA1
4832c0adf83ac544304c4d51b887a808338e96ca

SHA256
3869b2e9a883e4bed5110da6d9a2a1bc9bf496f3c2c9c4997809a972af6feb25

SHA512
20abd07f0bd5b033c9b29737b65e1b1d5aab5b81510f3b25d9e8bd9a75e528a908db2046784cf144c59598f640a486f7a088c2a5f308eb5eba283d491288decf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
664ec8ff2b75da1ccf53a9a554053844

SHA1
be817bc7b9c05e87cda2116264b51838a3b2ad18

SHA256
16c04e61f0241b3e95390255d88700aad3026a08964330e87d687fb8abdf25dc

SHA512
aa1bb6e20ab92fcc9efcb21850219f0637b0047283c9d040bf2b7f16855fa51f61fabc1d6ed7c0aa8e10724c4e49419d6c68d8735297ad5e4c482a4995ea07f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ab7cae4eaf22878982b9fd1b322f7d3a

SHA1
f522bbe3284a631298bda25cc80f7d74e7b25035

SHA256
b41d7abcfd6699623a77f9d016909e33678e763ffb937536aa1d7b8ace66fee8

SHA512
8e324a575c8030a00dcae834a5f2f3a258fbc900a8594b928a8ef3d79f37d5f1190fa2901473ba0a81ba6468dee9ec04445528eb5822e5ee617ca849b9754963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce3600c36f43b1950bfd8f9a8b589ec9

SHA1
7c27da74ea801a942366ee4accde10e90523cf00

SHA256
304cdd3df9512704fa4906cd8d7cc03c589121a5a18775de897c39a349b8061b

SHA512
e4367eef3fd4974132126d07e5579afd940ab59476ffa83c6eeb0e8164463e29746cdfd11252851e8fd648a852247c8fcfeb697bec3f1d9ca15da3260e8b9a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d8f2ef008efdfdc6cda1a03dcbbd1b0

SHA1
9a9dd3be97405d840840ce1b41046d711091bd44

SHA256
582d1cbbe8b1820f9cb6f172b731e7371dc5defad4a68eb4180e747a84bec62f

SHA512
4a06c60e260949ad26e885819abb1f313b4e306e27f622812d8c9f8aaf28ceaacda53cc885329b721e0a82e84dd71aae568a5b4bb4ceecf6c0dd67769f463420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2b041326d21deb958f4c095f3fb672bb

SHA1
d241485bf475d6c7d14cbfa2b2ba3116bcf9d1ba

SHA256
0564a11c7796cc5aea529d6ab9d6743b885df80ac4d58302fc9eac204bb20ac0

SHA512
66612f801f41292b32781df43470dc1c12a16eb84bf642cacebe19bb5f1efc1c8c84b81c74bd76ed308ca07826244d5dc9a3fcfacee3cff22527c36fb03d3d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f1887659b81f67329a65cf30fd6acecd

SHA1
08aa9a5878a963ff13273f55fe17d0110f514184

SHA256
67692cd8ebeee284b24d081a4abe30722bc9189c60d5dd2925d6cfdfd43bbf26

SHA512
f2a76ded846cb2fa91038ed0678626aff9450b1d565cb0bb03994814d03e4bae2982fc6cab2e79ce0278d05a46a5ad1ca5d4afde940544ae5d8c991402e90245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
47ef1c1ecaf225948d3cc29ff8c87eab

SHA1
5399c755b43135f908b7d566595c4e1683f01460

SHA256
632f030efbd5d1eeded4ca6a92aa986e99fdb65b101f3f0c526dc0b55a8ac464

SHA512
81b140037c111dbfb5b16fdef6637a5e0dc7643ea29934cfd7e477e0ab3cd9d379ee07d1c483d25fc22c7805d1ad5c29da0e955585978d0abc3959fd7eebc666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
f1bc61292a4d754562ba5d25b8e0faa3

SHA1
23cd737716b3ce2030220e4ef2b0074145abc107

SHA256
edf6e5daec4458d1b537eb2c76584976910c01037acd1bf033d391f19881b6b4

SHA512
86ec000d2c5e6545c226a6bbdcf1a67a6fa97838d08c7a6e6aae46d7d12219de13213dbb7b396531ade41483db2e890a0d2783e46c483779a434c3b5ea740df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
37d7a1eb1f08629a9308c5a3f0e99234

SHA1
f6cb80f5495f14f7f71b51a4cc87b6ad1a98cc39

SHA256
87fee2667d78883f99b4d8661b1b2063fbbe18115f51d1c89bc59dd3440b94c6

SHA512
08ba11419707b28501788ee3e125fd8bdf7d79b58f721bee81ff0ab5e52f6401f8a570bd3d2ea0b872d49e0f03f76080785ec5f37ee5207170bfb69a09fb6f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
f90aedd6a9df92a0bc217319792e4f7f

SHA1
f3d24cdd6f9a0e2070c1bed639282c37690f7a65

SHA256
c68fdc9f3501f2a1cdae699f979dcd2a4b12b391210d615913e6e6c01af00462

SHA512
ab507fd2bf6a960b01dcedf674d28c046142bca2c18b15846094bf901073d96abe076cd6c55b3d868cc194c5092375ca676f32b643a5e74338b2f8c624658d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0dbf2bd2df114ebe194aa1f5a0f50679

SHA1
b16eebf4958630474c515cc3368db1a00bfbfafd

SHA256
dd71aa8a04d5d8591a40a937500c6bee075b65e3c5b7c8ee9d3b5afe0dad900b

SHA512
28554388217c37b0861bc6ed1a3a90be1321ab90de9d8a9979f57deb3ced4c5ae8af18b9f22316d77b4b5b968a78422346675bcd445e44d1eda2424943777e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
410a277ce93df359ae4631f850ada809

SHA1
ca9100e8dfe2e78945edb86fd93aad0d82ead4c7

SHA256
841eaed77740c33da577f7e438835940438d666a5ab52cd28003fd000cbd0493

SHA512
e38b34d088a7d2a758627fb068fe9f6902d5b38251fbb92e8204b7766302b97f0ffa9b7569d87d44cbd3d2c545ce59f0ebb645baf2c7b1cf81dc247b8dfbcf0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
39e7a6db6cf1598997e0b2433113e6b0

SHA1
c29ab8077021a24a9dc393f5eb3ccce04cd9692c

SHA256
6d980feafd53d97dc23236f037444ac346533d44c1aa21c167f57ee04075244a

SHA512
e2d71f9bc7d0c04b423843d97c3ee560edc8855efaaa781481eb773778331f1c6825073250b85098862c3cfb17cb51838a472dc57ec430b93c7fcd75ddfd288d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5820f1.TMP

Filesize
370B

MD5
d2dbf56249f5fda07af604a2e29fa859

SHA1
ee7e02500caf39f4502e04a741a4ef2d6b50910c

SHA256
ce4beea09648051576b5617dd1799aec9326b09a34f296736d4a9741ac0435af

SHA512
a5df578b0744e0506ca4c108af0080215481a1cd191261c04560e260efe0d0bded09c056133965a68784144a9f6a3dfec3418dc6670aaddff161a12dbd0075a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ed826289-d41d-474a-980b-6bd9f8e8f403.tmp

Filesize
550B

MD5
18b306e662a147b89240e7e8145f12c6

SHA1
5d2faf8b44896a9801e9d1a2c8961204579ec08a

SHA256
a6b1e419d96e11c1f19fa67e6ef9340e5fa9e994cd368c5a2103de7490d0cc99

SHA512
04b33171378cc35005a3213e7fd256b1107fac2741f8f4a175bf730fb4abfa6456807e3d6e6cad87039ae1c2ef5c5d9a1152fbd02504f38274ac541cc65e56da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
71bdf2044879ff2c790aae70c702b264

SHA1
833479cef80e5666675819bd8f2c1d0d7a5f3443

SHA256
48364c271067b8b2323ea5bc28721f5798f875f5b1e9516b968e19e57bcb279c

SHA512
3f04b51a1541ee781fe0ef16af94914d2206631d6956b6060e09400a9851e5db1cd8a88d1046205e7eece4c6228bd7fc414125963c2b5057d82d0baa276047c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
3f9f347a0959ccc3c279ae588d6601a5

SHA1
a6afa75f9d0a2bc365dc4ef5fe84e4b3f85c9b33

SHA256
ffe40b737dcebc5e179c1f40dd920371af4f5fecd481cb987b0473b74648ec30

SHA512
de56e9254b502072cab46a4cb60330ba38cbfbdd57f1e2a89d5f108be07ea264bf83dcba12b1f27f5f15ac4359366ccee8e53a6e0592329963c2b6e6002f4a2a

Download Submit