32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{1D381744-8009-49FB-9C17-33473024002C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4172	msedge.exe
4172	msedge.exe
4916	msedge.exe
4916	msedge.exe
2020	identity_helper.exe
2020	identity_helper.exe
3164	msedge.exe
3164	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

Processes:

msedge.exe

pid	process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4916 wrote to memory of 4472	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 4472	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 968	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 4172	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 4172	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe
PID 4916 wrote to memory of 540	4916	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff86fc46f8,0x7fff86fc4708,0x7fff86fc4718
2⤵
PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
2⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
2⤵
PID:2296

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
2⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:2700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
2⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
2⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
2⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
2⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 /prefetch:8
2⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5460 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
2⤵
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
2⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2248 /prefetch:8
2⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
2⤵
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
2⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
2⤵
PID:3292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3516 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
2⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
2⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
2⤵
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
2⤵
PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
2⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
2⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
2⤵
PID:1144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
2⤵
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
2⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
2⤵
PID:2656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15989675325548426556,16248590727625917183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
2⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x44c
1⤵
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\94ac3699-5db7-418d-a69e-2a09cc572fa2.tmp

Filesize
6KB

MD5
6bb1055f58743bd948046bde926df8d9

SHA1
fc7c54c570614439f7d63901b0fb2827bd5dd1ff

SHA256
7624551963b9bf1077565b5edd76e359e0728c5ff408c441141c446336ea9607

SHA512
afb7e86a81de3e419a366c5cb82534e507f3ef622332a2a38e29054e8549b0b82ee398ba8bbf2b60cafa5ca0a698a9ddb29e4ec7fbc9dae0f23fc35130a44456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
98KB

MD5
d2a3d94281e0831f8747efcb60bbbae4

SHA1
46b27ebb93a85f2cfabad7289bcd66ddf393341e

SHA256
6ae0d0e242fecb1ae816129b2cb792d0963f9b79f68e999a27fed611afe225b8

SHA512
76383aa1c65b0205973a0b9f58d34f70d9bb466d1036c0cad4ed70c6d219afed755636eaa878b83e17dc28a42220baa8b399566d61b5b0acb305ad7afb4e8279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
28KB

MD5
6c45893c8638bbe2ec07371d14833e34

SHA1
f33164a4472df27acc5d63d29cbc777ae3b81200

SHA256
4902d078249777a01b0c06ff04ca23d5c02fa6d5eb38da78467ce09f850c480a

SHA512
3a32b26940f1c3e528701001513a00b71e923b620be4d5178c6922da35ec400ff8b39eb0f7dca65e32eff8c43cbe42ed577e04a9099909bafc459399a2cf2a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
51KB

MD5
918987e97d0cd6205afbbb16aa8f7663

SHA1
f662800d84ffa28e896efcddb9c98d6efea57de3

SHA256
531fed9c786fd42329e4d10d94f2d4141d2aea78cab42792fb083e7b4b75e829

SHA512
0884d6433dcc428f0bbc5b6fc3cc9c75bc9000dbbae15b42215cf1d83e3c7545f504d7eb8855773bd3ba8999de42b5a1222d68191ed54376883107755c6b96f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
19KB

MD5
3ffbd1e963d6dcce5ddad8916f3d0fd4

SHA1
f9eed0613dc30a8822bdb897914315f5a0e949e6

SHA256
f603aed80eb6a8d8568689c4c735b73eac658e5a402f7d8840bc5fdaeeff9f73

SHA512
f0dba2780a4994a38a400b577229c7dac71e8c175c4c6d73bcd750086b4e45e2f13a1ba43ca139da2998c7fa1d0d8bf39ebfea83b31441aa6ed1df70e8498bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
31a814f9deddd497d08af1575a625d30

SHA1
e254a4237c6d062c36e56d76f00364edc1e821a5

SHA256
c0c1bde920ca21b594cce37dc97cbb6b4ec19bf97c8152873fdc3431cad75003

SHA512
80bd41a79f38e67e48fa607e58cf955ea9240cd656d8c558897f61b80edf96948c3d50a0d57ef9750d8c2a73cbb49567ddaa02f39626b75828e8740e888f965f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
742b183412b0bd510c0758bd28c56a42

SHA1
07fafbb7665ae11cc1123ce6ef7d40d34fb583ca

SHA256
38ec6e1a8262ab38ddf3cd4a4f17565f0d2c1f28558f0fbbff34880c2feffe9e

SHA512
8d0b35a9622a69cd6cbcb64c9966f5f68867a9f1b17e8a2d5815d957f85029a77025732cf3a5cbd73e974302b45a683b2d7990a9416070131ef7a025e98ceb71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4c2d1a25945aec9ffa4cf8e6006592f3

SHA1
bcee268766ad60399e93b4ff3e992dd119b87100

SHA256
ab5e82c5a84a5a68cf55b54433c86ae01101acade6e3b943ba636f8b01ca1963

SHA512
a0da349a41875421e83eb5d320d2481107a5a468096cf6925ba10abddc18dbbe3682bd500b05f419a0c51eb14d4a8182b33e881433ed87b16e4c94afbb2b62ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
68b6e26ddad33c8934436b72f2c7451d

SHA1
1693704c490a8159664c908262970a55da37c44c

SHA256
8c9cb7c61e79a7a44cfb189cc7bd243e531cfabdd5acd52d2034f2dcdc92f0dc

SHA512
5ab902218b2d565efe0c260452f2c7561fc580d15a6d835b910dd4219b8e13bc6b185acaf59b41a978f867c65749f776fbbe3b27869ee5759903cfea86fdfb56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d81d8275a7587dad9e6370d6012ae815

SHA1
6685ac5d171428552f2d1a3f78b180b954551399

SHA256
d45a1a621eea9d5c2fc8047df06a06914f9b25c61f070c020fc94e046080ed2a

SHA512
cbd183a293e4702dc56dd1070b4090c8d6ee2fd31536699ea02e6b87c9d94540a2c5373a07a1d6342ea98a2e2782b3773b950585ec6f2d546ec152a4569c8951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6aa600ff814a18b0f557bcdc02544c30

SHA1
f9980cdd301faac057043fde95f584602c4d0ea2

SHA256
136d21233fc6704e48d238e854901e4cb943842b91f94cc7151cf83c21ba49eb

SHA512
e00990b4f2154ca6d2c4cb4a36a85f287aa5da715a8102a919347120f3569460dff978e1546e4f40ce58bed04036541a5cfde69d17d13e6ebec1bd1b99a9da70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b35c05d35f79c3e2c52d3a39666b019

SHA1
b806e1fa4cb865d3c875b8aed97fce5df503b2d3

SHA256
150d52a69f0729aafff14ba34359b0c20f12d8d621bf865e546a333dfeff1fe9

SHA512
e9bd7d7a498fc95300b94ff048f98cd6537e6d242e442bb578747f4891c935bc073bfbadfa4382776d8f6b5c2b7972903f1284e0aa1f51b8e213f937d7d7ecd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8a8e9f7032d15cefab3706b4e157e6a1

SHA1
abad7b3f81fb6c6a7f610256c58b7a88e2069375

SHA256
4b58c951321540e6446741c313755e0dc5a467f4e94147f755b1dd62644f4fdb

SHA512
acbb7a5880b3c5dd1828bdcbdb58b06294efe76335be08787e8c5141c934ac11c3a63fce763c70d304fb95ba9afa2b671843c4e8ad527663b544aab7c82117bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c61a5cefe55980337f6905bde160b169

SHA1
5d131b32c761d763a3dba6f662a756be27a94d5d

SHA256
8714fb857d927380d1e4f8b85c1c9e8b6d3236fa3b8a2def7cc501b0ed722e1b

SHA512
f6b731d0ee43ff888c254226b2cb33d4e4efd7de72f6b9eda83257f8305a1d0690e6122854f99ea75d09209023a4dbfae2527bd967926d33470f4a94051a6306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a35ee4c9beee4d6c9d6a2fd2c2065db5

SHA1
90b22f1143e81e8a4ea1ff523cc8b25668c2d708

SHA256
dd9c9985fedd0b67df0c3cf3367d00774513c264cd0d91d06edfee8b9c4dbcfe

SHA512
da4b0c5c41b3dc8c20a2094e3954f7100e307bd5d8e310f0c6384119d35a1e40d2bd21f760097131b58ce817b0121ab7138947428dc1f0a5feb2ed8f78401287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21be84cd78091b9a289ded56d32f643e

SHA1
e424111f3cc0e95d947f8bdb9fd3446ce9582740

SHA256
786b260d2e93b42baf35e9d6a58b2f924fa4309256b7d5cb65ae810e477497b1

SHA512
688167d59205fe177b41d3ada3956f508daf46f5a71f2eb0af448775e3e7334f3c6faa6230da101fe9bcbf743e3fc47ff6c3767c13dac331473df64b3b321232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
833700ae9d1c8f732c8d0248f187ab64

SHA1
b420f0ebbd79fe17afce84614844f8e051710e5d

SHA256
80dff5c41fb1041300eca9363f18ffeb5ac7888ca57ebc1c8680ba63d7e8cffd

SHA512
b781a92dcce5e6103735b20dd6ca374779d6c824a3ac44ce21056d200c4e8e690e874a953717d29b12b9c22869bafde65e0367216c9bd56622e8f86dd109b7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7e2caaf25c3b2fc51b0090c374e3c95

SHA1
e1df4e991ff504944e0a494a491dc4f39a308956

SHA256
44fd43f6770c08f2b6b3763b7bc6730b7039df86025e42d4e1648990f1029170

SHA512
80b1624ac4fc01bd36bdbdcb6b414f60b375edf0170c79533ffa3e2ab2bb7e3b5fc34c61f2637d3125cb3707a10915f1ba94b519389d51142bb083a561f97563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af17e382978998f968f778dcb46e8bd7

SHA1
32ecaad1e4e72cd907963e0d7562eee9878d4dcf

SHA256
b48da0cce5674234aa7acf92b887b04e7c28cbbd9a22087363ea655828bf8e95

SHA512
010e3179a712879406dc451ed57109771ccc14f8bc56f4252f7f7dd62ad050bc54d47ae7dd4a21943943d32926374999b4e9f6ed8f7c426bac84d1211019fe0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6225adc9199e81f3bb430a98e13ea058

SHA1
2a1c3e729d43131abf5a40c0f3ce8ea25ebf5924

SHA256
2878e832c1d2b7227abdacbf12bda49ec0e01165f706d01f7f6edff428d8d4cf

SHA512
f5b4713fca5887831a5671ccb3826f0c33ffe8ed3575470c6171f8852604ba4325ce8c1b1ce147844df90894d8e1e51c4ae61cc499a4d7d4d52d61c106655875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c1dbc5a9a0bada5e697494214d173c69

SHA1
8f89717d6affeda5b1285b3723a19945ebf5d666

SHA256
c796e71aad000a0a8a485646120452102119a0aaccd649b82d286a5530dcf9dd

SHA512
a7cadcbbbed340cbf2162195708dbb3583a891ea339d054dc0c569be922062a5ac05b613b14b263b741c88ec37e5f679259a015c86f432d1c037673a2c0fd3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583573.TMP

Filesize
536B

MD5
04094ad8cd2c47ce04344d657c2ac7b7

SHA1
b2b4a3cdd4863ee27eb1ae65a8686472664b39cc

SHA256
404daa208a1f9d958e037f1a1dc301553495decd5f803fc970a79d80277832c8

SHA512
0fa67cfe8b7b6d30c955ded888ee3fa2b31ddefa4b04e3af852bc65baa9ac6b2fbfcfdc935cc65813a1d7547ced65b8a86d953c1aa242b2fce7ea2eeef00db29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a14190ecde837b6f0b121c6f9dca71a0

SHA1
8380fd9bad85786a532a1ffe93abaea6e7bdea21

SHA256
75d450a147e67f26059a49fe9d24f397077791f7dd625dcd9062d86bbcea7c3b

SHA512
3f81b0cad8b7fc874448f1e0c366b6bdefaa8565f40971a4fc5fd6f08f0a3a7589e57e19c4a5af5291ae24d301c442299f44e84499ed0ad9e353177b358a4893

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e710e69ca0f2cdd110b985c7dd87f24c

SHA1
f1fed08d3a8e285518ec41904b21c223b7e10744

SHA256
16cb525726293da526e1f62a7d7e231b9de106989f1bad7cae6f140f82731776

SHA512
42e6cea60504eedffcc448a3addf5e3ed7cd8e4382f326b32804ef27e11b69de90e241005ac3f0af7af1afd3ac56401e9e1b3d0a584d8bbb32d0cbd13904a8cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
72fd7e6afd089465b5673f2faa2a8505

SHA1
54adcfa034bb247d7111c50980c6ff6b22c36b27

SHA256
114e245349949d843691e1527528de813f1f71c2e927110864ecc5279078ea90

SHA512
1e7b587a245b109632e40092342e7496998bba260e251a39c4e9519f0823f787c3d2e62477765123781a09cc7e9c8dfa516617c60de4484f3730c7c9a57f5e44

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
7cd94263679df4ad8ad9c92ec41012cd

SHA1
6320492f6e955aa9122d0afc6bd37086ee0f843f

SHA256
0ade7b998664b6424c0ffc16cd417fb388de228d6715d7b7e34f76734836de34

SHA512
706942a6d18959de4769395c83b85b110ea3b34cf3d83b9a9ef362221351701446d0ddeef1f89906f34c6b5f2d9870d8e07ff467997bb3ed6b53f2e2b289e865

Download Submit
\??\pipe\LOCAL\crashpad_4916_BJBQXJSPMBWOZUCF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit