fe319d05736277ea8b32924db01ada61bd15f6ab609db67ac441f54d6c350d1e

Analysis

max time kernel
2657s
max time network
2684s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

016.jpg
Size

241KB
MD5

3266a6d5c58a845dc9de8060c96d8e30
SHA1

740c2cb0e2b9d2f79aeb7509eacc577f7969be87
SHA256

fe319d05736277ea8b32924db01ada61bd15f6ab609db67ac441f54d6c350d1e
SHA512

89b86d79c472b3a398fe3f376a1dcf17e72bfde128122c69b23c44057ef3d4286859a8891d72c62f9fa01d4f04c7b9c5abdf185e0c94e13407a91b387b3dca95
SSDEEP

6144:Lc6lqSSbzqQ7yzO6hJ2oT7tN57AOyoAh8n1V5OZ60dG1:4aebzqFxLFj7AOyB81bO/81

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{1A843CD9-7793-430A-BE41-B1E728C2E2A8}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
1812	msedge.exe
1812	msedge.exe
2308	msedge.exe
2308	msedge.exe
3356	identity_helper.exe
3356	identity_helper.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3608	msedge.exe
3608	msedge.exe
4148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

msedge.exe

pid	process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

Processes:

msedge.exe

pid	process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2308 wrote to memory of 3664	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3664	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3748	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1812	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1812	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3980	2308	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\016.jpg
1⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe30b646f8,0x7ffe30b64708,0x7ffe30b64718
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
2⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
2⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
2⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 /prefetch:8
2⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
2⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
2⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5400 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3668 /prefetch:8
2⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=212 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1352 /prefetch:1
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1104 /prefetch:1
2⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
2⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
2⤵
PID:3820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5044 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.CdmService --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=6120 /prefetch:8
2⤵
PID:3404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2064,5768640741530224961,6770682250804728673,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6344 /prefetch:8
2⤵
PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d595491b366ab42cdc0e8dfefb0d8b69

SHA1
d49dc354dc0516049c2945679d227a85f764c281

SHA256
783bef9d0c1d3e59876e136e92be75b9a2c021a3abf4315fc8f904d71f1d527f

SHA512
8950cd78bb363bbc462bc2a40a08c507032674ef2cf497c0cb16e00e0627c2451648ac7bf19656fd506d9fdea74986fe5d169f90ae6b05aed94ae75be09a4e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f6b13bd48cea6291590b06e746bca1a7

SHA1
84bd9ecaa4ed125ff19f946572dfdc30344736b5

SHA256
5a023b9699e196ea068325a58b3c794567f1df825bd66bd8e508d2072fc0d404

SHA512
f44d27b14b17c0c7ea7eafb90d10eef0a9b291513103394a3291ccd8dcacfb6e37bf04c406067d5a93bb119bfcf64d1f0152b3d8076d3bee05e9e2cbac8db059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f89f12bc4bcab93f18ce7053bf3b00b7

SHA1
235b6bc048ba0d67fe1af0e276a9d7066f816ca9

SHA256
d677e9c6ebf4c8d81ec597baa4281262acf5b2c9a73dda252a41c8a115ad6d5b

SHA512
b6474cb4ce241f6f1e17771a3aa21b15fabc590f87b5cacdc89d00c4a6f0cbec29e221bc30e84f1a50ee229dc65f990eb63887e65162f71b3b13efa8c4f12247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2b2681cfdfdea96c81ee15216f36a9be

SHA1
52feb149e92dda74e9c0e4010bb16ce6af0c6a4c

SHA256
b91427ad4314521fb822f8d0c03ccf08db734034f10274f6fff94381489bd091

SHA512
f30ad641f592748da57f3bf4dacac2845aa7642e091dfa681dd9be166af14b4f3d0569296703a6955e7177c670a6d769668875b7d353bbacc64fb476b6e8b703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f82c126dbc94992b9b18dbe1eee019a4

SHA1
da988235c2b9a049cf612ed3a71271afec75d068

SHA256
44987ad6719d5dc6e385f702764b27e911173a9bd1c18dae600f85385954a76e

SHA512
41d6808bc2e49d0e98547c6ed72d55bc2b1e194405bbd58934fadf09dae91ddc341fac0b317f0e8cf3b6611d575f7a5f81a22b9a8f997361fddaea5ee9256b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
84c1c3c3ee34f6545dd280ff93ed5f41

SHA1
47aa682ce5392bf7f2d5025d2b81e5b4f2169d8e

SHA256
905d461379ad2a30385e8cfd0d2c07343d636d174ae4adaf6c336cb610960359

SHA512
f5a7ca5125ab53b25c7af6a33ff9946a621564d53a0e2e240b4d499ce5e8bfd7c88669ab498c29a1e1ba46b688a5af4418e12e59e96863cf7b409fe41a9aa012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4dd822a8413af19ba384662a35047253

SHA1
2440b474d60ce5342a9cd49cc49b63f3155e466c

SHA256
cf1cc33e7ad8be48974235f77bfbdfcb6770c426b73f3c623b076844ad9f7348

SHA512
40ed9c110361d28d012b3e9c8be12079cf26000c16d3939b2621dd8106a57f0b3ffa119cec91b2e4bc46e3a2f1ae218f33e071dddbd6c75d81cd08cbeb06bf87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7ddb59f17feed9922f7c9099a5109ad5

SHA1
5ec0c1fe43318365a68271e4377f8ee49f35ef93

SHA256
d9d093358d07ebd160087c58605261fcd9a145030591467aaf24b11746a393e6

SHA512
08ac4df27822ad8f2b06b2f69b1ce728ed29d606d380ad3a2d375ece3ea765ca14f6f6fb35ff9cd42e19dd79e693643dadfca3f1959b99eb8ef6cd71e5f9927d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
494007b4976d6c079dca9451458dbfe1

SHA1
0a4e0e58c5bf190afbdf384e5a32e02a5d1df9a0

SHA256
59316fa8d9ba977910005a4f40dc5ae920a3707d77e28ddaefc9855a4be8646c

SHA512
bc786f2a7c6a46f8d6d8887df53fcde644fd7fe71ab0d9056e42cb9f7863834a0837c8308058f8d0fa860b4c98cef2818579ae048b55b39927bb6d67603002d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2786033bb69f1ffd13b62f599d6779de

SHA1
89bb2361f0f3dc4facd134d1d138c04f192430b8

SHA256
0d8115b6de552202a1982a0d2804ec70eae3695e81e8077d08188e5454c7f824

SHA512
b0a689a2e71c286099ba8b96fb409fc7cec292a0f27f9e5f6fd7242cf3b8d864c0f08b72d928a80d0933c1d55cd6b84fc3cd7f6cce5a50d56968473c6a1dbcd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7d69706c7361017a31ac5b5b2dd70474

SHA1
b296bab088af3975cb0cd3203ba8919455f64e0d

SHA256
1f44efe6a892c9ecf8e4b00fab6622d1680c7f114083238a3bd66d1dd0c65f03

SHA512
54bf61643156af3d97583336227a0e95912f714931a0aaa572044a4c396a7ea0b2deda88652242db90dc038efaffcb8c89527f86e7b138b6c3bfa3fc09fa0dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
54403e73ad9b6536c2974245ac4269fb

SHA1
315b27fa586a2ecf001d138dd735c30dd02949f5

SHA256
46cb4a630a68549b410c5741837c2b22fa9e8407840a46d7711a52ce4926a206

SHA512
7265fa6e0d66dcc0ac43ee97fbb94828ed0a5ad3ed4a937e83582fa80544598b8c99e86b2656d48e87bf054cd69df5445fe28f42189efad2ef3b24eea0c97f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eb7a3c4f39210b78c30fd951c263bc7e

SHA1
e708952662a7f3e2cd589cb3c19260986a18d746

SHA256
24a7b729b4c44b5337f2538cb97da16810d0658de393e9f598e6748cd1571188

SHA512
54618ade1530b15963a4836da80ac7d9d4d4ce9b773dcc6d744883f79d68866631f69fce1043013cc6b814549c02597a0d86ce46307d671399d05a3778cca6cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d00c159841c624eaeca50bb7383e3815

SHA1
9c130babe25deb72c475cbaafa282804014dbbbc

SHA256
e15da8323f3be8b08f09cd994048cf3c7d074b5945af26ab88209edb64739707

SHA512
8f0863625b4a42bc9b5b3fd1bbad8ae0a9e4fd0255e36a51544e7a721d61367892e58794a752a6db7408d5208ca0c58b47136e00c91da71a88f7da3959bda177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aca8593a7a9b46e05f56ddeeffe97741

SHA1
0ea72f0e3014b8b1c2f2933fd0f237d7ac57c1d3

SHA256
61aea0980e8491025c2f16f831c90e6944ce069e08294124a50d44455b6cf064

SHA512
2869ad64f1d1271a73fad6806eca138400bdfbcae67b281736e8a1c446093c0e296dcc3427c710f5e01cbe377c5229f2368b61c50debe32470d5936018701275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
50d5d14b9fe8efe4a0ba115c0518810a

SHA1
bb3fc1e630ec36df619cc9320504b4ff7c60bc29

SHA256
801b7cbf681697e9b115a1d7c80ffb388710aefb6a27f9ac47bb2dd552417788

SHA512
adca15b7f83dbf6f17499ffa6324389ca64ee353d81cb46d2864db8d67e3918ad9c90e47039762a40c763734c91f3eac74afa758e8f9d9fad2b63a4123988a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5c30c1c95636435182382ff98fce5aa

SHA1
c995bdf3a40c97beca3d998a10260fc2034c334c

SHA256
a0af45054641f3dde94e8cac61c905b65f46a5f6da1fff8c22dd7eb305e1b92f

SHA512
42dede76864f52c955afb24dde3b9d402375873a8cdd5b3d6b3963d36f42908f89254b3f2454464fe2674c5974175860a85383ca8884daf5bc08878e2def682f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30131b0b8be73123b3b74112166a0501

SHA1
f9e7394333ff9324e2c2999cf3c1300f340f0349

SHA256
3deee73d08204d96a60435d88f400ba58501706fa6d1436551086a1da3d3dc8f

SHA512
3ca084bf93ee456383ccf63e681d66685fd234bccc8ffa24cb6e6c250f38a17a45c1a37e7e4674adf28feadb3bb0f57b42f317f82db15bd1859059eccfa4617b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2ae1184f16fe9a2abcd3465e79d33ebd

SHA1
1d5fb4e7ce4412eee68b455b13ddcb2cd7a8a7a3

SHA256
525cde512ec0910b1ac7eb65399b95907a0ab7b63e3230bfbffee5b4fe7f59fd

SHA512
38d844b06f52e4d24432d821f6def43f1ed4a7bb23eaaf75f290df506c8e9a57dc343774759606e2dc7a0ae8f77a2228f7ed14f1711d660c288c685a82d3853c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\be91ded6-cd85-40ef-be78-7e383827af87\index-dir\the-real-index

Filesize
3KB

MD5
8e6d76c6b2686b5d84df6a0df76bcfd1

SHA1
75a1eb338df66ab259f51a5bf4a6ebcb43f05877

SHA256
b60041b3ba28a2fb7e989f329b17b6ad19c96787bf8e975a06eb2cb39ce6ba5d

SHA512
02c93facea1f6996b7cd9b52b4044e7719bee96128d79e4e587baabfbfe5c64a0ec40612f23c5a18ae2739b9ede634749ecb844d547ea91dda6de522b7b16e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\be91ded6-cd85-40ef-be78-7e383827af87\index-dir\the-real-index~RFe5eabaf.TMP

Filesize
48B

MD5
8eb239c05adac97f76af579b72a31435

SHA1
14472dd23e9c4e0f5a0ceaeeff84c34ec34b4c9d

SHA256
14b13a6c8672dc642c21856685801d9d6bb622cbb3affb921ec2440d6baf8937

SHA512
029475100cef487dec6c35e82a9192f1d5a1cc6294d4bece04f2bf0a8e2177d19655a9a76ffdd22c8de5726c38181cd9967dd6ba7e5bffe2152e235cce7f3811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
127B

MD5
1f5b90e8c8e7291fa724ac03d2b687d2

SHA1
9342f4043f261b8fcb65df77f5af9ea889696541

SHA256
b5f6238e8342e84dcbe742972ce36cd4d407fc4b40898b12c4395688560a4fb6

SHA512
5f4136379b071f65a714b91b398bb8c1181eabd8916cf3e7c5c5b7f84a681144f09721cbde66c92fbada2b1ea14353be6076e2ebc9754da249b655a580e9d9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
123B

MD5
63bd7d91bbf6a8915636e50d95492cdb

SHA1
8de2fa4d17c6d3faf2c480140e2b85010cd20962

SHA256
a1103032edd7e53e728d709d05e9ae3805dbe9389bc737ce6e288bcf7e372d7d

SHA512
1d3e791c1fa8b09b108173f44f93d3dfd0958d095aef4ed48d9971160ffff55e8f2c0c4eee441a91b3e16274162855a8c484b15eaf73babf24ad759e0ba7bfc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d2c0b8f16f235d23f5882ac39b47b114

SHA1
9a1114ac4f89ff468121d0b10b7932b842f127e7

SHA256
e98ab5e39059cf163ca000cc7c577712d4501fb5886ef197c24f72945e47f0ef

SHA512
1b259a89094f0a8b25e8ec1a21bef72b24780be2e6efd83683bdc2cb5e8e9d795d19c8e7012d4440578e7daad3f4ef1e6bf54c2ae57954c566e5831326498601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e97d9.TMP

Filesize
48B

MD5
f90bc0f62689657119c627fec916eed4

SHA1
ca3c67a5eb19514e86d6b26ae1ce2afeb79968e2

SHA256
7d237ad4d5a77990ef1f4abf044d2f6e613cab5db4c84d357951a876ff577f64

SHA512
0a178d01a4f94010377185afa169bebc9c3260d03be84c5559a07142c3f04d57539eea8063b2e24d21210444bbaec1fdf7abfa7b520a4dd73882561119cae533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
866d268665d24c37d3170943caa31b61

SHA1
887758659631f61c55a5913890a8e6e9b075829a

SHA256
2601a81c5c72e0ae05b80e053faa320074a599d3cd35fae5b956aeaaddc3ec9a

SHA512
61d039785613e71bbd67f3821477939e91ed97d51d797b21b5359fb90f9efb8d2c37a172f6ef35eef7f912f1d2efe72bb1bb6d5f5871a86a7f12a7d9c2dd5562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cf1ef14e66ec489c7a05e25a67090bc0

SHA1
987b60144d6a9ddf6db3e359be958e7938ba398d

SHA256
253ec2c9b5bb92c68d2f1ab389855439fe7e7ddbe00447a9c7167d8519ca82dd

SHA512
4c3735cfc55481d0fd9fe3d7e81a434ba3de4cc065aceb46cb93f8d499bd0c954313687a2c9eb4a3e9c54f0efb1dc896fed669d28b6217b98e5bbdb2bb5efbcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7e8f371fc7a7ce6ab28e8e654742faf9

SHA1
42385221682a5483ee1b32e4b9bd5c1a319138ef

SHA256
fd679b364f7bcba65e9a00265f248a56914366f35bf9de2fbb079e70bad8d0d5

SHA512
cbbc602fd22fd9ebfb395c57598dadefd372ea543c336f934354b5a4ee7928bc60c136695348b99e39ddfe1d9da6b8b81d4e5c6baaf4a99e58d31a7fecfb1033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
81161c4c832e1c516da8fe78b3bdad86

SHA1
1b4916e818fbd955764ecd5189456db8676a018f

SHA256
c6e267028d6e818c11c1a4369d0bd74f7f642d63d54a8460fa05aa2bd1af91b7

SHA512
fd74cc1ae4e10898cbbf625ef8dda0b6aa086951af439be91a4ff69ac62d6780329b777842570e31889ab86eb0b4044adf2b3adef32e2b167aa354c51ba9fd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c030cae04acd65e3ee8f088cc35044f5

SHA1
4e74decc2f8a057f406bfb3ac0abd7db276bf9eb

SHA256
e343a23c8ce2439461d9111022ee2d00a5fb752f4d9337bd3e770b459d5f3e3f

SHA512
0c6d0bce5676d0bfef4ec75ef71194f781f0e06fb53d72aeb13f574e3129e45b8cd592ccea87788ac18545184b0264f3e8d9f15ac465bf892820bc192b067d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
95007ca0c611972cd021ed07edba31d6

SHA1
f0987b912c23975184458a0b20401a68a2a3211f

SHA256
3d31dd7bffddc7b8caccee7a795b50ca7b4bfb5aa44ea9f25759753627652983

SHA512
961a709aa09aa91ddb83567e836ceca6a14f098409297094b41bb5594aa08d24ae01e95b0f42d5d0d9ae57b3fab1445709b4adb1e8836067d5c13002a42454dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6f24a957a8de33a3d090f4154b2f4c00

SHA1
5137fd3031d78fb359eb2816d7f38d5f8c1dbbfe

SHA256
7d6fa2cc0e2934c64da5cb47ac4ed5f08e41e8da526dbd9aa1fe8eacc33bf5de

SHA512
8b9077c3856323053c68350c63e73d136563441504e6e59003786a260ebfb9849c0a8740ec28e2840509d3f971b00ef580f17481e80eb2d60ec6cd59326597c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3a0d4f665e60b3f5a800972e37c7d946

SHA1
5fb22e7b4c5e10d19ff0a3325b4573c5b7411658

SHA256
94d54c49b8c412e043191e457567ef12fc3107c819cae7accc986c3ae7c2be4c

SHA512
8eebf18c03283a56263b7bc3ad6f51a4759ebc0095ca6842e04bae1a19e1745eacfed6ea8d4f69ec3a1e737126d8e2808284fa431d1e07174a5915d6ff2f39e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2feb8ceaee06e57ae7a0a77a9756d028

SHA1
780e4fb8c7a1a5fa60723f3e7f5e7285361545e7

SHA256
9002712a7049be042e0a6fb01b1c51ff1dd610b299a424c7aba590924e6ad1d7

SHA512
da7ec0ec6c03447fbb4261da0378b231fd6e2ab05d803d8b90dd4430fb4bfc47f828d53275ef507a8caf5fa34a9398f2f55496cc3661fe5c9c4c55b3fd69f426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
59be011a4e40f2f97ab8ec15ee45216b

SHA1
6d91ffe4d276c76750f6dad5f3959ceca13f600b

SHA256
fdcedb1398c29a87bded6228b1efaf0a91034c356499df976e45302feeb5ae14

SHA512
28feb114ce579f31ba0e7894e5d1b0a396bf108a7492c969835a7ab03a533d9e6459bfeecd1760dd0075377b8fce152093fcfd63c6033bed1be35cd5b65dc785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f23ca1f7a5d5377ffc4862a5962b62fb

SHA1
3cfc576129c9dd00fd9778d9ecbb674178f14e8c

SHA256
90a439a4cd2004cd68b181dc6c6fa0550b62239c0c8d1c179a05d456147f661a

SHA512
a07dae061f35850d18efe4dd7f6610208223c628adf610b69b296de7ae68a6fc31c08551d167e94843711ce4fee0faa96f23bd4494537d9fb15f217dfa9664ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f7653448d9173af92d6f77046249e568

SHA1
4313a6ad58aabce04f0619723edfa66bc678f870

SHA256
301353ebdc5fd242b938e4d9c6a6d33be6226e41674dda9b1e3d78a11d40d50c

SHA512
f455db759e016517fb53a8378e619802564b65aef21dde15f26fb0fb0bc5ed17af1ad4edfbe0a654f2bfd1cbdd584739854cc9f75402959b8ad3d0d672d7bbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8a94f019f6a5c6cda3877c85e0660fe0

SHA1
4bf198198fc36c30f3092b97b87066d9a48f4710

SHA256
1058c9f0e003b2c66cdb5b6adb63032faa3395501790aa8b948b7479df943738

SHA512
a62e6a0590da0a4a62f8af1bf5846b926339cf0554449076b9384120e418375fbd660596388bd9ef19099597fa07f5241b0aa34108f066689ee154361fc09066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e733a.TMP

Filesize
2KB

MD5
89371ef54b4c44a50895dc6eea1c91c8

SHA1
ab087b5e1945354da644109d2a2534c3fdd87e4a

SHA256
ea24c7569d92243fe7cabc740b14d87cffc343ee5f42e4df070d5ece0539bf0e

SHA512
523d5ddbc955d5f90609406acf57f0fd987b08c222a6e4e117058a93a83e524cb45010c7dbc7a7b6d1194bddc693fe1f36697091cdef5fa9e2b06dffeaea39a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
eb430b849563b27e62e185a96627f54d

SHA1
93933ea43cccf3af395a45eabd6f82a05285d835

SHA256
381fbfc27ab1affffbeabb9147e9fd372007dbaf635844200a39ae0ff6779522

SHA512
a294d94a0d4c305e174fd1c092b2b500f38f6c50fa044481bc32b0590da03cace7a24c8bd1ee2f1b5476a9f8d02231d97433ad5fcad9954378c2041b0c2e0b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
775648463ce063e021b41cfd9afa46e6

SHA1
e0c2aae89a4566da3a16b2c7be0f61f32a7c6939

SHA256
7511d7daa5ff16548cecb15d9c759b6e20e876d0a8dbf5e7fe5d74e52ca84244

SHA512
b0d88bbb9caa07b447eb471eb76d1b043e79e75828ca77c73a1a1e5db491f93d8f0b2ce5acac99a0f6f659179c89fa7c038d281aba0ed14add374d6729770225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab2268bca13d8204efa35546aa886e5c

SHA1
594e29bbdbb9c2652baebd8239132ac30d4f9399

SHA256
8c5e59e99f268113027cfbeeb343fd53bf83d4e5c57caea99145e7c70f6d4cca

SHA512
e4ef0dca6ff122b106c687389f3ed37f6c9894b601f62eb2678bc3c4c15182d57e89519afd89b7b38c233c495fbd27c62ec000f0b4ba5eac616823162cbd86a9

Download Submit
\??\pipe\LOCAL\crashpad_2308_GUWOCRMFWIDFBMMX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit