Resubmissions

15-06-2024 16:51

240615-vctrxsxfme 8

15-06-2024 16:49

240615-vb39zaxfla 1

15-06-2024 16:46

240615-vabhka1fkq 1

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15-06-2024 16:46

General

  • Target

    e4309d620dd2286d9d43031969b9b4a9.gif

  • Size

    711KB

  • MD5

    0b6854c901b326c0b95e757fab949fc4

  • SHA1

    391a661ea5dcb72f9588c8d69fcab085394f7aba

  • SHA256

    d21373f9a13f29a53fba37800a3806a6d5db4ad64682428f1f47e003232576f4

  • SHA512

    5d18dd2c4d649b5c8cb7a1310d669522e3625ddab2c32565a48d35b17b60c83a62c4e18945a141e951e24757b74631afb1ec5cf3f155e7a6dd756289a9e7b7f7

  • SSDEEP

    12288:BQdMQG0S712bs3v1UCYWBqSC/dcVhOo3v3N8dgKznrFaJosdjduzVV6tQmIOvzC+:V58+vuSC/dIMofN9+cJosdjk6tTbr8G9

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e4309d620dd2286d9d43031969b9b4a9.gif
    1⤵
    • Modifies Internet Explorer settings
    PID:1464
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4300
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed8403cb8,0x7ffed8403cc8,0x7ffed8403cd8
      2⤵
        PID:1960
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
        2⤵
          PID:5060
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4888
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
          2⤵
            PID:5048
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
            2⤵
              PID:3212
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
              2⤵
                PID:4600
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
                2⤵
                  PID:4592
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
                  2⤵
                    PID:4564
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
                    2⤵
                      PID:4556
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                      2⤵
                        PID:1612
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2032
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1288
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
                        2⤵
                          PID:2632
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                          2⤵
                            PID:1104
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
                            2⤵
                              PID:3492
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
                              2⤵
                                PID:3300
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
                                2⤵
                                  PID:1484
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
                                  2⤵
                                    PID:1724
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
                                    2⤵
                                      PID:3588
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
                                      2⤵
                                        PID:336
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5748 /prefetch:8
                                        2⤵
                                          PID:764
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5096 /prefetch:8
                                          2⤵
                                          • Modifies registry class
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:1628
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
                                          2⤵
                                            PID:5056
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                                            2⤵
                                              PID:3092
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
                                              2⤵
                                                PID:560
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                                                2⤵
                                                  PID:2068
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
                                                  2⤵
                                                    PID:4488
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
                                                    2⤵
                                                      PID:3624
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
                                                      2⤵
                                                        PID:4276
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
                                                        2⤵
                                                          PID:3780
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
                                                          2⤵
                                                            PID:1464
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
                                                            2⤵
                                                              PID:128
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
                                                              2⤵
                                                                PID:3708
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
                                                                2⤵
                                                                  PID:1388
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
                                                                  2⤵
                                                                    PID:4500
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
                                                                    2⤵
                                                                      PID:1920
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
                                                                      2⤵
                                                                        PID:3912
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
                                                                        2⤵
                                                                          PID:3108
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
                                                                          2⤵
                                                                            PID:1596
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                                                                            2⤵
                                                                              PID:5624
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
                                                                              2⤵
                                                                                PID:5764
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
                                                                                2⤵
                                                                                  PID:6096
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
                                                                                  2⤵
                                                                                    PID:3064
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1
                                                                                    2⤵
                                                                                      PID:3348
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4484 /prefetch:2
                                                                                      2⤵
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:5592
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
                                                                                      2⤵
                                                                                        PID:5704
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                                                                                        2⤵
                                                                                          PID:6020
                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                        1⤵
                                                                                          PID:2544
                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                          1⤵
                                                                                            PID:952

                                                                                          Network

                                                                                          MITRE ATT&CK Enterprise v15

                                                                                          Downloads

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                            Filesize

                                                                                            152B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                            Filesize

                                                                                            152B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
                                                                                            Filesize

                                                                                            67KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
                                                                                            Filesize

                                                                                            41KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                                                                            Filesize

                                                                                            64KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
                                                                                            Filesize

                                                                                            19KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
                                                                                            Filesize

                                                                                            65KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
                                                                                            Filesize

                                                                                            88KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
                                                                                            Filesize

                                                                                            1.2MB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
                                                                                            Filesize

                                                                                            40KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066
                                                                                            Filesize

                                                                                            19KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d
                                                                                            Filesize

                                                                                            64KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fd068fb175e724f2_0
                                                                                            Filesize

                                                                                            32KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                            Filesize

                                                                                            4KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                            Filesize

                                                                                            7KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                            Filesize

                                                                                            11KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                            Filesize

                                                                                            5KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                            Filesize

                                                                                            6KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                            Filesize

                                                                                            10KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                            Filesize

                                                                                            6KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                            Filesize

                                                                                            12KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                            Filesize

                                                                                            13KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                            Filesize

                                                                                            6KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                            Filesize

                                                                                            704B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                            Filesize

                                                                                            2KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                            Filesize

                                                                                            3KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                            Filesize

                                                                                            3KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                            Filesize

                                                                                            3KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                            Filesize

                                                                                            2KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                            Filesize

                                                                                            2KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                            Filesize

                                                                                            370B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                            Filesize

                                                                                            2KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58002a.TMP
                                                                                            Filesize

                                                                                            370B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                            Filesize

                                                                                            16B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                            Filesize

                                                                                            16B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                            Filesize

                                                                                            11KB

                                                                                          • \??\pipe\LOCAL\crashpad_4300_TLPXMNARVANUQNAZ