hxxps://qx476hb2[.]r[.]us-east-2[.]awstrack[.]me/L0/https[:]%2F%2Flink[.]sbstck[.]com%2Fredirect%2F8c34dafe-7d40-4759-8c26-75472688d698%3Fj=eyJ1IjoiM3oyMHY3In0[.]QqDhAZjsHzRebGt2fCZ1o0v9_q3G5DlBtHVdybO84zw/1/010f018fea7aaae7-3a32dbc5-640f-42a7-a9a9-62cfa062bcc8-000000/syaM0nZgd_JsUXBdHcceMur-5S4=162

Resubmissions

06/06/2024, 14:04

240606-rdm4zsfb2v 10

06/06/2024, 13:41

240606-qy359seg9v 10

06/06/2024, 12:43

240606-px8tpafc43 10

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qx476hb2.r.us-east-2.awstrack.me/L0/https:%2F%2Flink.sbstck.com%2Fredirect%2F8c34dafe-7d40-4759-8c26-75472688d698%3Fj=eyJ1IjoiM3oyMHY3In0.QqDhAZjsHzRebGt2fCZ1o0v9_q3G5DlBtHVdybO84zw/1/010f018fea7aaae7-3a32dbc5-640f-42a7-a9a9-62cfa062bcc8-000000/syaM0nZgd_JsUXBdHcceMur-5S4=162

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
4840	msedge.exe
4840	msedge.exe
4144	identity_helper.exe
4144	identity_helper.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 2324	4840	msedge.exe	83
PID 4840 wrote to memory of 2324	4840	msedge.exe	83
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 4872	4840	msedge.exe	84
PID 4840 wrote to memory of 2068	4840	msedge.exe	85
PID 4840 wrote to memory of 2068	4840	msedge.exe	85
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86
PID 4840 wrote to memory of 4004	4840	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qx476hb2.r.us-east-2.awstrack.me/L0/https:%2F%2Flink.sbstck.com%2Fredirect%2F8c34dafe-7d40-4759-8c26-75472688d698%3Fj=eyJ1IjoiM3oyMHY3In0.QqDhAZjsHzRebGt2fCZ1o0v9_q3G5DlBtHVdybO84zw/1/010f018fea7aaae7-3a32dbc5-640f-42a7-a9a9-62cfa062bcc8-000000/syaM0nZgd_JsUXBdHcceMur-5S4=162
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0da746f8,0x7ffc0da74708,0x7ffc0da74718
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2552 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7728730655824875399,154977606557244025,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
34KB

MD5
fdec301e70a81ab399e162b9782c232f

SHA1
a98c6f7061f3515fa5cfac6a0587eb344b56df98

SHA256
5d645950b403881efae0e495f3466605e33f132471a156d60d85eccb8c764c0b

SHA512
c99c0dc142ccd4e28bd718527f9d91ef7b79cf40eacddd0b9527f6502e4022c023f98c80975f5c4d0fd1682a5f4d6cf1319bf038c1885d0cfe0a2062c05d6691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
46KB

MD5
287abd75f62b98e213ad838c680faac4

SHA1
4436d24cd3a26c41a094c2ea2afa05b777b49a2b

SHA256
e55868766a80913f14853f753771922bd50987e0fc56a0e4085b9b28406df88e

SHA512
36917ae19110085aa068483f79d12a081eca60e1daa3942f15a21299ee8efc8782b3783b07a490dc3f35b327b46e10371d470f98c97b52eada772a8527295ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
39KB

MD5
bd09115c83ccd3541a3ba8e2e2145312

SHA1
bd03ff7a4175303a07c5ef93e7db64b93304f3da

SHA256
f8977fb24834358417c58bee7a64639511b11283ce73df2d3d3ffebb3452d545

SHA512
434d324373069c7a39147a5c2cc952040fe6cdacb666846c22689f6f38716af8a93694e2818c6c35bbc725a16d13a3afa8df89ddc08afa48aa3c100250e78ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
81KB

MD5
70a9eec445966e7a66779b38a06ee2bb

SHA1
2588cef231c9ad1f8d4c5603dd2d241fc48b7a89

SHA256
3c491a55ff1eedf2e2cf7e7bdc09f457db643a3f7903b28885ddc23660b01cc3

SHA512
f3af0541a482a31439af384f7596e0af9a6cdd9e2b83ecc95df7804a4ce885d3d5295ac66f818a60b729ccd8e892cbeb614ad3954e79def0f2f44fa2b14d3658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
22KB

MD5
9196e81f8ed7f223d765423c1f9bc8a7

SHA1
88f9d5c2a6908cf36b8daae803578ca9e1fd2929

SHA256
a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe

SHA512
e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
86KB

MD5
d6dd75ec215292d2c84b6cc005b82090

SHA1
0d7090b99a2d362e41350472080e96b32fb62137

SHA256
38fc9d2866788ef9ce597633b751d408d0f8e3b1291e1a4a009942904e849744

SHA512
a8097ad1709f6b0608023607a7d9f8d11bfe42d3a77e115357755faf152b2d7e560458708e71679aa4ade017534be09317ffc77e1de1b7ecaa5b5cb63c4f26ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
103KB

MD5
e70d953062ae52f0d69191ea8b45b2b4

SHA1
189c42d3d4d5151fdd5a4496c1f0ea3d8448a77d

SHA256
24493630d6bb7557628de29513b238aa8fb4ed650e3e8af975bd0d07dd46972f

SHA512
50a2e44eac81ab06316cf7defe34506a5cff6832d8927b8b60edc4606d9a4019b092d1cb0fa5183a21f92792c09e9ded01f789d19b3cac4ec62443fc7ea2511e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
46aa4fdac0647c2d920b12a57d5c756d

SHA1
72956528a2845e98f575de023424fb79f4bafb70

SHA256
ed40dcedc756e6ee4322622426671babc3801bd7bf88f28262c30cfd2a974d2f

SHA512
47aa9f28a11ec2cbf9309056843e0cac42491233c6c711f95c34f84152a93740b82076de1dd3ffc79c32bf5fcfe32b84fe6f79ab1506f5109279db7b89646c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
32KB

MD5
612109e2b2700655a0020847697261fe

SHA1
0328b9c72982b69ea9f1c5aeb79220aeb6bf3142

SHA256
6d3f599fee7c90b78295c1d632f36983034a77620d46a42f58d6a79eeae61f2a

SHA512
a1768e796041db155c5b54eaf48609097f36ec579fe8c4ff740f0ca5a6448d6dba7f563d2fe7d00fb1f1a25bed3ad337148a377332f7ff9ba32fb6959948f1d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
347KB

MD5
df5987f8fb9fd53e3bcaf9b1cb1e7168

SHA1
5cc36df0d2581931a98cdbb3953c667c127957ed

SHA256
3566d52af34f665e3c139114558ff1450140500347843e415e4892b1686f0541

SHA512
1853670d1a0ea1e39949c761da52f403c53eede2cf48d25ee4fd7f4fef1cd6bea8e3c14f0f6bcd9557ac6a96ed7fc3327c65f5d70bd26e8102cb563607ba34f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
199KB

MD5
ced6cc12877acc33108bdbe8a4402a36

SHA1
ec42b6fcd6ba42d903c2d8d7d960ee75691ed3ec

SHA256
0864fea7892a4ecac001216305d74ed7fb5c388f817f07860687bce216373761

SHA512
abb7f2f909b32837f384e3bc855357c2c88e7ffccc9d1e074c5efe6532bfd9abecef5cb832e6a771c6591aad553651610e6108c4208f35bda94c9515adf2a551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
392KB

MD5
70a5e71a6ebf76e5605760a6ea4e9b79

SHA1
510573fd39a2634ec7c57797b519c0c108d149fe

SHA256
7e9eabaca86163106c934acd7c18ef4937b500caf0a6028e74f83842e48c024b

SHA512
f816b059af47c5cc5b9c851e995d39a503332d0ca372e18161c4d9d24ac974d009f5e518007d7dabc86c7a5e73b67298fcf6d0832cfd6e1d8d77829fc2be3da6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
35KB

MD5
5009982b60a0f93eac4c1728e5ca17e2

SHA1
c0f932d333b91a4b971a52ce88bc96320745064f

SHA256
2ffc0ec332938cbce14008ab246c3d918800189aece932e92bedd8adb8332fe8

SHA512
401dd0a45c177130628787b92a17642783d27b1a977833af4110d81cbf2572a159a371beb473baa07ad38ac8297551aadadd2ebb80401a73acd580fdc03964aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
63KB

MD5
75cef597e154640e431615e6e98f8194

SHA1
e0a1fd20b91a149f4d911e483817eaf28ec2375a

SHA256
8ebdac87927bd057f4cb22cb44364eba9df15b4fa8e84f796f14b91a7e69910d

SHA512
10ab259b6c9ff2cfff399c8564fe80650711fd764c54eb75dbd2f39b36ab893bd3e28405dc998fd984c11ba0f322c55f910c4dba29c44a6943415e361bc59a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
33KB

MD5
137a8e0928f29aec501f7e527b6d6bae

SHA1
cc3bd9805e9eff867b6e3e2a08a7ac5f96b8d3cf

SHA256
c1e57b0593ac013214d421728a784cc2fa8fc44a031170a477bc9b646792b668

SHA512
774ddddd618e403f0bf65fac8a37a9f9ddde17a5fa83f99296af4a9a1d07e1c4421d209daf86c0a372fe424664715ad4d641212d727b4631533c8d85deb44ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
34KB

MD5
ddf0acac33a14546cc4dc758f1111ff9

SHA1
cb717151dccb10c18355932db3d7028d68d9b00d

SHA256
5e3291d40ec88fd6410e49d6669626450b1771d2775c577e5e1d001b901bdc4a

SHA512
c320c05d67c5f74ff84c25c4c4910be1a60e7631a48c9698ab772d04712107bc48600ada3d2872d76ab75fe64f53554b06fc791d7ccbc8c56f9e582ae19c6dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
16KB

MD5
c539a474c7ca126faeecb6d2885d0f06

SHA1
36dbc2e9703396554f88cd0cb08e1a22950d82b6

SHA256
e45f23324861b541f896f87580137066a83df04c088444e270c1584e12c9e184

SHA512
6d5e63fa71d871dcd04a5190e168453c68a067a9ebd4a50340dc4078afd90c4f5a66ab6f385e645dc332c3726df674d1bf11f1d01f9b7ff43ce177101ef83006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
80KB

MD5
7d438eba3ba6139697a41f86ae035edb

SHA1
a22bb7db3151bb544de8dc7fe9f655dc07e9bb25

SHA256
1c3c81ba14edc3488cb57570b93e290a501dea1b07e126dfcf40b56b3ed1c4cf

SHA512
2ebd941be16fd273494611fbbb642a01b32bfe288ff928c7863318926121b93d47a498ca085b33d9848ab4a1d379783e18ae6aa7abec49148c5236fce9fc5210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
482KB

MD5
c79981988fa65c407abadf881141a0af

SHA1
e92f70ed8fa5e77a0d86b5c3cbc6bd06506f1ac1

SHA256
abade5566a56bdd4ed901b9f1eda09374555e94d440cd8c91ae11adae8e04231

SHA512
fabd8204773a30cb8b40fef13509f5e4dbd62477c68022b22f986c0cd3fc699a308500c18d03a9c6e66b5d79fa06486dbbcb62af6f19cd7b7cdd2acde797605b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
732KB

MD5
ba441de02deaff1c0fae5fccf05aedd8

SHA1
b5d3c90a7f4b3e154a76d979212e4ffa6054333d

SHA256
d2e948bbf6b718e09c91c78dad1e98edc156cc227e6d2fa03400e9e9332112df

SHA512
209c1079d1075e6a93f1b4cd9cd9aa4ce745c3bd658bc5cb927b7902c3c87e23d9bad352e6bb0f75c2bf81f5341caf580ef22cdf5baf78c505babc1bfd48b593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
27KB

MD5
a6203e76ce4f054d3a87adcb1e8dcf8b

SHA1
96f4dec43f0209c348123939b2da14b8a15a2380

SHA256
16d90cd020dae1f07d2f40ebd328e1da721f6c4f58be474b6ff66170ed24690a

SHA512
c5d06da9f1e5bbaaf13cea736cc57143ab0319921e0dd8fd3e9235d97d77b8ba747efc70d925c730fb2f0b10ded3a117b11b350e4837b5ca8a9ed2b56dcd2899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
79KB

MD5
e51f388b62281af5b4a9193cce419941

SHA1
364f3d737462b7fd063107fe2c580fdb9781a45a

SHA256
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

SHA512
1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
103KB

MD5
8e0a41c69c519c492e4e615ae26f0655

SHA1
6abff874b3eec0d25b61835001136a8e247cdef9

SHA256
d70d3733ad6cd17a0404b9cbbd81e635917db3dcd410facfb6daf91cd4b7499d

SHA512
f3a2db613230d7b59839f8016e9d24339d784b30934c770caa979140d5f5e8b1e87df21abf81ce8862f676c3d3e0da49c499e9a2df1f81ad31d97221828290d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
360KB

MD5
6f23aa883cff3240640ae4a57690c64d

SHA1
f1f5b6e67ae60c93d959d331c5a7f0123dc66f6c

SHA256
60db380776a21a5897f3dc67038543ffcf823084fcf2cf2459381c16515ab8dc

SHA512
10294cc6dad89b06905787c57de34da9cea03264fb289f24b4148dd05377fd421c3376b499922350c3a7232d0c5d5b6803ea62394476b0be2491fcae6bfdb973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
242KB

MD5
ed8cc3b9d7ffc46fb0171dc89b27b5b1

SHA1
ce8aef8fbaa7d871b5cf117e6d041ead028b5a57

SHA256
3bf3b079715639fad8e5fb9f10ce755097c0a1f0e7c77c84794b30ddca1a523a

SHA512
d0337d6fb55e50739c2234f0375b946d048afe66936b2372552af6c1519085006bcbd08218ca767528d57f163d7865e46f75d202efa1e1db6594e02ae5d81d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
603KB

MD5
ecabbf1d194973e41a54f292c360bf9c

SHA1
74855b2633746809c89d0c4019b2438786d5e483

SHA256
eaefdeff05a1472df3f0dc4f4dd6a104745534a381301fbfb5355d556c5d2dcf

SHA512
0d47b71593db10da6268c11350a03f310b35d379942951c8b419e9456bcf812e89033478f5bddf9a63b073949101efc802bca9788a8a42b3f7484c5be00c786e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
592KB

MD5
260dc23920e822f72ed34da20935b088

SHA1
60ce8af3b4c4750e544ce7545851135d2e77df8f

SHA256
0befbe8bfe9d3213fe8f4e9fd12b9c4074becc066705b07c9dbb92a254c70be0

SHA512
ba8871ede42020aa68b3c724e741e1c0ea07e4114cd2d41a0dd732798cfb782fee0e6bee3459b06bf50e5056fdcf97d6eb916d06672b2a337e89968e436d4c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
575KB

MD5
f98cbad29e0f6004d292138fe0740700

SHA1
862c514d05ee8c4cf72212fe88a926a2d7a7b848

SHA256
3a890d41b7f37d1cc792e2cc99079023663c49f856d478d3108e9639e0b0d883

SHA512
e00f4099e3126533a862cecfd03c995e623cc2564357f3882babe803aad5f12c00c5b92a7f01ce7ec771549a697aa4814051b25f802a368656a030ab96ea7c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
544KB

MD5
a37c758618d1d80c574b579aecb2285f

SHA1
5a462b9a7f9d3793df0b5f58d24859d2ae8faa4f

SHA256
262381fe74ae374d5baf710b4e459f1c3cef206f63d87e088b75a1e2b883da47

SHA512
c92146eb0fac396c685d9fa53960443a25e756988eeba7fb9101ebd394526bff72e1dcb9e3532880045ecca50b7812cc359dd5eeb4ab00f4af60f863bcba46ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
626KB

MD5
4ecf40a7cf6c240e22c4b7bbb37a8e3f

SHA1
86414b546cd233295d016d75b9450d5ed41c7f45

SHA256
f1f865b9a807d96f6487a6f689b76d9343afd47e61c9e4b3dba75814a9a56fa3

SHA512
cb5ae6157333113f8dcce7ea96c9c46d97b39bfd9827ac384abca9e70dcac7e8372d4af0122a674ddc0697ae9473644d2b9af3b1b98e795183af386eb6bc4231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
1.5MB

MD5
9b4cec7441b4a3b88b8e250765954685

SHA1
10b8e8154dcd995de74abb9babd70d3b3540e908

SHA256
b46f8c8c255e2a064a58c7da417c4e57a91699aa74394f423ed7ed468cb7d62a

SHA512
2f38277f2ec48acc51454ec5f058588cd774299064129b790bf5a1eaeabd7150764ee48bf145aeed4c258757dc1ff9544368bf09d03cb0d2cc6979f270fa044a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
543KB

MD5
a6eab7c10d647084e916d3a101b3674d

SHA1
b62ccdaec35a2af87a41e18dc05c0e7549b2fd11

SHA256
309d7fcff266b2f83b4bdf3b6d34898d1b4562d0babba5a62b4726dd9d3675cc

SHA512
f4642392ff36bcc0ddd36d2a3738162cdcee69f8d6a915d463bc6a13ffefa1cf74cbd6e380e22e6105ec0536eb2561502861838bcd7cb3bd3df0e2c29f31a9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
514KB

MD5
ae451a4d68560ed4fafe22db101c5bf3

SHA1
e853eadcb427c6bfcbf686f3aa443241cf6875ea

SHA256
196d0b4ac422c02560d155d1c477441eb65539f83acb974edf0706f6d7f57719

SHA512
8c87ddc5bc6300b0297d7b2cc5b36cca3b50630cd9302d53c2cdff4ab50d738d8d8acb7c3c8e5bc4c76e7fc7af45de5b037ed7ae9c4f8ebe5c04d5fc5ea93fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
710KB

MD5
b9cf5f15dd303e54285b51efbe26d8b4

SHA1
2c5eface553f11dc67d0f2f46833f4e4f24f3461

SHA256
6ebb4bd416219a0ee16c47bd8c08b43529bb1eeec4160bff34b03c18753d55cd

SHA512
08aaa778042bc5a5c62b0d5f5e6432773c5ea3818ea75ee45154f63b0c8b0fbeedc40a08d547cc7108dd5f3bf292778495f451c214637a396e2cf0cc0052ee72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
1.3MB

MD5
26a94eb681491ff7f45483042bef31bc

SHA1
c1c8057c25189ad1f0cbc9a175fc3e9c229f05b5

SHA256
47fa8693a300e3ac12bb91caf8046b966dad8778250f98a560274e0df2905da0

SHA512
a44df4a8e5656b0e7d5e38e8f63b82a4e347f9daa2eb3b09c878392942fd8ece51cb0ba08edde1435904220a2a9d8c7c3abb7133cf019281301a687947b72aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
51KB

MD5
808fbf34a5d219a5f013299137a5767f

SHA1
e1a015de1a82ea9678e2cce536fee37fafe1c672

SHA256
c6d0f89ed569bc22c288b2c7aae6fb7a5f4bed62a9abfffc185eb14698812b5a

SHA512
b963ddf9fff1cf3f081bff5137f3fd110d770cef07c0c0e1a4fe5aa71ddd9ba808024610c9fbf851732e85aee817f14b4109ad26895af92a3ab834599ec5deb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
40KB

MD5
41caba792bd0815c50d2586663a2f6e9

SHA1
8ba297073f4502b840d2c5f0a24ba9d515e2dd84

SHA256
8dcaaaa16bd33e6cfe7af170332ce93febfc6e8e7d1600d1465732e4405e08a3

SHA512
0a8753df627984de1cbde85ab8b8fbaf49f9b76a5728675eb7973a0f072d31f00a4b6df1b9a459d3bc6405ff92a70acf9d1b5393daa0c1a0d34742800cc9c9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
21KB

MD5
942e2ba31d132bbe2486ff1e36883a86

SHA1
bcf42c590a69f66c3a2dfad64842e44913b69778

SHA256
c592232c7a1dc346f52af20881107d4f337fc6ebb50cf671c03a3fd01f64da83

SHA512
5f52f31e1882e074500897243b4ba1413758fdcf535f47fe9ecafa15436c68195477f51cd3469dad4d8ffc391c30e6e966280c088d4b7a5c50736ce85b157caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3bc44f41b1c8e81cffaefbf079cd5f82

SHA1
73a1c5522e22c9301b465982d7f65e97a3cf9dc9

SHA256
9caeba7686a27af5b35e32918e8344db48fd260d6d91e6a61e02a326588873bc

SHA512
e4ad325759c43124cd24a5dbf2e85ddc15298d31a8512f98432c15623821a00810d565cd582a1629340f9c311db5708c015a535cfc426ea115698f62c377d6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
eb2f6a9fb63b1c4147a9b109d98d19ec

SHA1
54f356d6d67e63e493937a79820c462cb368e94e

SHA256
edb262e022a5cb080cc39772fac0473b3686a38728676f00a37b147e1eb2cd74

SHA512
ece675007883cfb65d17996d07fa1531e5afefd366e8f855828556932bd1c8533fa1a4469af4130d010a03ec181bac6119dfed5a9500712e891b6250a09a7fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
06139cfd1cb3cf8abd5e497321debb54

SHA1
01927eb4fc7fcd6510f0bb4ab645907b809c18eb

SHA256
6c5ef75712384767bc47bf3f22a2a1bcf4962a1282ba24f82e70a2d31c01909f

SHA512
a8c10b0ae386228f9e17f82ec43d0bb2d9fc5dacdcdb0187bfe4abc8981263a1090fb8a194b179ff6514cf04c4955a53114724d7f70cdd503f4a5e75771b6436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e998a1ed36f6d10aeffb4191a7960553

SHA1
915eb594fee4a0359df457df7d3986e7c8b95f0d

SHA256
1d227624d0aa7e65fa36675d3f27afae32c245ebcaebab93b45bfeff75c8df31

SHA512
89db7976d9b3b05e0857221cf74a2eb71a64e85e427023a12f260365e68346f9ea0570eb94b45fdd2b47f618846e035a270ccedf3276cea3353393c992268d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8739e689bb4df64992226ecd346edf90

SHA1
16a57a3c11b0765ecf913f9b2229774ab804c732

SHA256
b45f11af8afe9d1f3ac1380b73d5d3da688cb116e40bd6698f0120987f970b83

SHA512
b62b47a052e46ce41f3258c3b85caef763cacc0c541fc49b9455c0b836ee13c99dce289d55b1e4a0d9d766d436bff82157ef22efee6197fc75843a93effdfe3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c7142a17b84f6f6a9a0de69b64b1ba4c

SHA1
1aa0b023ca3c7f644db5487bfdac2a6614b55d50

SHA256
12cd9b440e2028681628141d3535a9b8d203f77e19d367974e9687cbe77da51d

SHA512
5654e17c12b3ed035d22d886aca144ef7e9e948aa9c94ffaad8e57717109cdefc849e187dd35f247466ac9d0ca30807d076932e920cbbf682c6391d97ea725e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ee9f462f5efe3ae10a01b8ed860eabe

SHA1
89499a1914ed8a6e9d9223dd39b3b9824ddfd449

SHA256
4fa9694582c26eac57e94ae2503339dadbc0c55daac8f1523f7c1cb670f5f36d

SHA512
d2299d7dae928bb418725916cafa18a74dfeaf17ed1b2369f818fe8b1e4ffe7e8900c23707819d2eca0c9701fef4f410d91a9605f976269116f4bab551b7179b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b577718349088a5077b9a58c7fa17dc5

SHA1
cb3873143b41cb86c33a8da8c575bc988b67e54c

SHA256
0d62f84358d384a581bec9224c8410c476b6e5b10abaf69abfc340d8f18c9b27

SHA512
77bc5fcc7d17b19ae15337dd2cfd4df4a4285c819bb9fb8b73ecff1a342ad99bc4c0aad1b5bfd511698a32d1cbc873447cf09b3ea897ae5f0c12d1c892d582c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c50fb7f35ae6f51dce6a7bc4c49ca0b4

SHA1
e0d05ab4b7c00f54a10f1fb6d2f9beea0e365132

SHA256
813cf29324cec2ac727dc30f880b903ae959917d61257e0ee273210b3e43605c

SHA512
d79a1d7c5858245934993afaa43626ac9e3365fb96b9608f4134893f6c7f98825c7aeda8653e1cfa4a581a1fc70ebb19ffe43a5dcbc23ae678c66d719ee0662e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a7d084830f6b267fadc897764d090a9

SHA1
22bcb5c13cac709ff1211eaa4a6735faa137a1e9

SHA256
a5a4d797739f102bf2d283e33fda344d5144be3d62423aaf8ec3e235ce3a42ef

SHA512
212afff7c2acaa02c9576e87a84d1659099987d5c15aa8dd805d995bc02c8d1351f3681931d817526860718157d34ce7b10464b8dc4f8385357d5f1006e37384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
354ddc1a1ac1415c574344ca7fb85b5f

SHA1
2f8160225f6a53086273f7d972f9ad252e71f473

SHA256
412fe5f92960912712baede354709ef436681721ea0f3622f23ae6f0e41eae8a

SHA512
aa34cf1668e37fb8ffe44b45fa45d8e0fca814e97886973cfcfa88b75fd44154bf040f69b4a246b0f8c289556ea8393f98c91b9cbc8b7e348db5239d820a8a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65f9b03012d588aab78f82f3925caf2a

SHA1
66d16fea82e3c4c07ce01cb99458b26b5985aca9

SHA256
070e09f3f6a7f5af441cb62d0df3d4dc002aed924f4337bf7bdef17aad0d7e12

SHA512
735a6103241e23958e447aab08f70eb56ff416c11458f772bf94d65e43a2adf6fa9215263444c20cb5df49c26ed33876de129e361adb3d209c17c3ba1cb3ae57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d448.TMP

Filesize
204B

MD5
e01ae59c37125624933d77d2de601ba4

SHA1
0a124e8afb7688be407cf8d773d23e4687ca74d7

SHA256
800be0fb7018e9db7c51de1c5fa8383eb2349a679a6215f479307485e44f4a03

SHA512
d224fb9d180e333d9ae4fbb0fd9ca0d76cd7750a79f12ecaf740a2cc7ea7424faf19388d0504c46faf28302ea2708009d38755287a1a76ddc6c6802c4b8b3c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d68b7fc3b3908d8010be8df59f1ae471

SHA1
79a6f76f39b13d441429c4b9ec6fc331edc75084

SHA256
7bf0f5e7d9a310a8f24b110f48c52d3aa53724473623ecceeae0a448a7291873

SHA512
d1fea0b42cc47872b251bc1b3d1f9687c557a0e28faa9b7576735b9087651c3f36f81a3cb860abfca715cdd358f03d09f9af3c58ac0a3c8d567eb420680f7eea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit