hxxps://drive[.]google[.]com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?usp=sharing

Analysis

max time kernel
1034s
max time network
1036s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1403246978-718555486-3105247137-1000\{86F327A4-FEDC-48FB-AE31-7E0D41476E85}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
508	msedge.exe
508	msedge.exe
5096	msedge.exe
5096	msedge.exe
4028	identity_helper.exe
4028	identity_helper.exe
4128	msedge.exe
4128	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 2484	5096	msedge.exe	84
PID 5096 wrote to memory of 2484	5096	msedge.exe	84
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 1908	5096	msedge.exe	85
PID 5096 wrote to memory of 508	5096	msedge.exe	86
PID 5096 wrote to memory of 508	5096	msedge.exe	86
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87
PID 5096 wrote to memory of 1304	5096	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa6ac46f8,0x7fffa6ac4708,0x7fffa6ac4718
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13687873905873103732,7571175441723091163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1f20b1b0-57c2-4dbc-be0a-de15e7fbd70e.tmp

Filesize
7KB

MD5
d29579343bfc34297977b4a927e33ad2

SHA1
56c971cf69cb70948c51caeb14595117fc114615

SHA256
fb588a564843460459183fa86e142e316e143e448cbb22a247d542eac5cfd064

SHA512
87c21d17ad2d9e2ad40ff76f030cbef97c9625e28f1dbfc9c70aafc70808e76d2a158fec49439919cc82ca302c7eb9fb343972a693750401b6bead6309181236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
16KB

MD5
36e579528fadf051d765bd2bd639bc60

SHA1
9e15a39a1165ec69c48771845fbc0c2bb7695670

SHA256
239f22bc967c880b1a4f7144ea070fae586b94cce025ef18140d5d91d16be81e

SHA512
f9d4b328c18b7082f471385d3274e2bc37f2c6140e03ffe69824850bcd04388393056a9068a3a396bb2fbce567103b328181820f04e2335bd6284d7f78b38e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
0d7765549f9c263a4cf23415eabe700f

SHA1
e8bdbbd9dc9cd5bf4c2b3c479233c1bb073a97bd

SHA256
e858e11d3ae31219a517aa74046985d4b0c86b6e3ea9b02c81b34811a628ca2d

SHA512
c85f3879344eff7b134e105d1e4c21fa00b6c481eba84aa34d9f897153121ec0fb8dfc91887aef7a2738ea7f085ee4fba426468d3ae87a4e20b26e03eb34e659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9884a9ef1db471d15cd0bf52dba92d2c

SHA1
0c52e1dcf6fc2e7fa568faaa98477d3e3a0e1419

SHA256
2c8bfe77129ff91389dff18f2ab9a9423fff7bbeb88323bc99d482d018d849ef

SHA512
6e91b8ca5f0211c983c1e3ee30de6d62ddf8682c2da53df5b4c41b2b306addc546184e2fa9f109f1177da84f04d79bd8170029a6b766d301db0519e082ac4f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6ede69d03f28853b4c34c5a5bf3aba46

SHA1
8799e265cd71bf9dca3494c9bd532795bd9223ec

SHA256
b780bf351e9daf458e4f916386798b45b0c04a4aab86b59e410a7405cf96c750

SHA512
d477ed281e432eb1321319a969f41968bb768431c3cfb02dd37d48ae98be6b3fbc3ae7aef39474311ae3ede021ff15aa91527d3d4d8b8d0fdd3433d2114d0f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
10b62d9504822842899c241d79b5cb7b

SHA1
65d9b7d1d8fec2b11464cb2d54a51b3db3c34fc3

SHA256
da017aa2cfd35711197fb4e1a201adf9c5ea0723ba67cb79914c6e44a7859594

SHA512
5963a512fb2eb09d1efadd3fbbe46d26304c47a5f6b0d3dde5c250ac51585e1dc8aa55bb203a19ee1e3897e95693d188262254b09d61eb1fa02a8bd63ae699bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
12efb3803d4f76911cf261e8cac46129

SHA1
5a9d6ad6e96ae5c06dc04114ee756cc6628b6dcd

SHA256
2007649b766a1dbe9acfe7f6e09197f2b9cb2a28848dfda4fc1e32b1ec29a265

SHA512
afa914f89394376848deaf8115e5fc12f7557ab07559e2f93a6cefcaccab67a2632a8c20c3f01a3199a3f3dca92bd836472997271b4ba918c2b8b0998f36c336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
5ffff26c5dad0164778f22944fc75178

SHA1
4671e2b0a49110ffcdbd53be87989f2b760c2c1c

SHA256
5bf2d04097f597140894d6c9d0210a3d270a21407cd6d9ff4c7639697f588f37

SHA512
ae4d7f53741ec9de4b442f665665fd500b82e90b4064dcfd98fa171e8d405f7a2172eca29ad2cb16b0c94cb28fbd4e2fa8bdfdea18ce01ac1d43471db2d00740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
ffefab816212aa95c67ee65de67a6da5

SHA1
6f6efa66a074304a0d298e2c78b08fef280a5a34

SHA256
7568af14ea13ac6d82785d50e468c7640fc616c82a540f1d390f222b66347522

SHA512
faa41df7517cb5cd1674a89b7091f9cecd900366b218cc16a713826240a5dc9c3ea2bac0dc7abaa74f93b4fcf84d780b3be9ea03b3b629f1ce58b70a29e5eb67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2a0c67b8062a7b9838e8110165633b8

SHA1
e45af1c502a0cdcbf9156745f5e1b7bcefdb9409

SHA256
7d924b68de7377e447366b7fde7349a3d729a3602db9a6e84b921372da94c8ce

SHA512
1f3b38658069cf4acd5710a7b1620a3fdc14e680eb13b87e1bf0431e09ec680d5ab94373092e69bb278fb38e1c3e6d2d702ce3b4b577b7ab4227cc58d9c018b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
553c87253bd1660df092bf6dcbe12bf9

SHA1
2124827ab1869d6a365afb358b6f9c272599cf7e

SHA256
e6fa16d95688410c90b9fc722137f634e85aeed621b27ecbadf268cd82597a10

SHA512
0e4d39aff0bfb59d63c80e9c9d8b28338ca9d0473e4b15f1bd94766a4fd3c62cf6d05eb7d4a55315c6f7340bf7bc33b1f213492addcaa3439e1e5193139f82ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e61aac53cbfc2aecffb6ac497dd81b4e

SHA1
0e6c7205c655e60acc391f0dae71f503282505b9

SHA256
493e186209ab5073f0d6300259173c6370defb0eb471840fff3222972ef4fb65

SHA512
29558fc19d9d92e6b48a7dbe37f996f03d577c41b657744b814c67141a7c18e98272a11ea526b53d288c8afa5b73829378002f75a94274217e31e48f43c00bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a41f190b6d5f1f32b92357241cd78ee3

SHA1
1e0b24a2427a06b643c698ff169f8b3bb7ac0e87

SHA256
8360120d6d8d5ec835c65e95315f8dfdc5862b5c6f6c9897ace7bb66485cc759

SHA512
ec6adda6bd9922935940f5bdc8b8cd40a008c2ccc0a94e33313114676f10b79ce640128cb549a827f9d627e466cd5838ac2c2947ca519f0365cad67cda077ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ebd5341a7371bd117dfc2a101a4c6c8e

SHA1
f22f7ad70187fefd2ff65fc17f98795016c33de7

SHA256
2eeee3d07eec3fc971154c17bec2f8b6cf41b815d09c4610fcfafd512661199c

SHA512
d0061bf1cffdf3e5a9c564bd3e64e06d3573281a023213bc128dd3cbb39424393bcb30978b74b35e27fb9c519e55cfb8845dc0dc28d42d62dcf40024999c4abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4748f82df1ed813da5b99c47dd5e330c

SHA1
81002a8505258eea6e641fdee7c8b076574f1734

SHA256
64ad1b0e042fc19b39833801d1d2764635521b231d549dc565718ea567420a6d

SHA512
09f681e531156e48940eb4f1451c2e46c4d0feab1ebcb425b86e4d49f32c3af25b05a8640beeebbf074750d8865ff872686930414fef7d3b6db523e4888dfb2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ad5e23b3f81c029466120db61eaece08

SHA1
5ffd0da95c2f2db7e32b0188e711cca8e4376fc9

SHA256
a823955954862290ce23ef1c1ff7dbe9157018a07eca88b601705683b1faece6

SHA512
4f07bad330a6d414f1e7a42663dcfd060b671b1422b0e761526c0771fb7c3a93c69252e6ef179db677353b2dd6dc99745cb80c34bb5dfc1103f4d9782ac14f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fcc38298996096f24ef4218409e953a6

SHA1
d0edc9a1da84aa0bce21fe6db42176c215939002

SHA256
29625e45641056ae425cfd1a8e7825f3f689d8506769492a5f0c576b778ab8a2

SHA512
297c02a80268fd073ef9eec370e2314e1d97b8e8cad560d148337e4191e2977924195980e085937ef818c6542b935c46e8f1218745f696c94e735b30bb29976d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588be0.TMP

Filesize
48B

MD5
630e132c177d2c5248d67007dd705c5b

SHA1
097eea0e061e6c203adc84c28c4eabf28fcd415a

SHA256
f162b7d077904bb59c93aa34fbbb6047f32f8a6b61464266177c8ad9bf180a1c

SHA512
8e3cd6d0f2f2ef7b276dcad5cf13563893d096734b19c7ed0cc985a3f0b773ef817242ef1e0ee08a9d3981a014489ae8bc851f5324c281a64a2f4ebc94e54584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
310f49eed32be48c6cb3153bd4ffbc7b

SHA1
6badb3d3bbc04861ea8aba84a1fa91b1391d9891

SHA256
e6cc69d734886ca2a594f76768546523eb83ff378567fee445bfdc00ff75b496

SHA512
9c7f0d5a3c66c43560dba53b9456235c5bf085c9686fcf58114a1f8d7dd52639ed27b829b7e39d1c2eb3a809f64e58a5e639ef3ba59c90ab3f4231f8d10fee16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1d9343edc0c6356659c61f9d646ceec7

SHA1
fd0eb4c9c1c3178f1f2b57887c0e3f273640dba8

SHA256
68ee5657904c4fa0a4daf1e2546a197c7482e074738548512875571ce31c09e2

SHA512
d85884bea1e54ed5dac42268770d81055b094f411058ed8d9fe50c6820a19243b69a32dbf05cd74fab763d8da49a1b65353eb2e7212a6270c4d764cb903ba9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e63beac038e140a9c0636de7d8f5c0e5

SHA1
5e0a7ede6a8c331fdd99d99b96b62fc3e4c33ba7

SHA256
048a1252fc18e75f78176cad8e2b04e636d5f8c36a1cd6f6e2d199940c78b9df

SHA512
c05dc0c976ee66714678f064b1c934a5e1e2b7d05edbb05466340eb168d8db44616df6936a64d6172c0f6297633bbd3b1994f5bc65cd4d217db2eb2d8e801024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5fcc48ed51bcf748ad4df54c5ebad92d

SHA1
b908ce714e787fe0517fdfd3527563730f821b01

SHA256
eb4e08348b6bf4cbd52a8effe6a2b7f583f8ce28e8baf1eceb06bd22ffe7666d

SHA512
2a05b933b8f7df9eecb07117b76fb5008d6263edb4fa31a80491ebb09958918625d4ebe08be5ebd8bc1362517675cfaf3308fef1af26739f737c8785b8b09170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
24f39aef6263444fd000ccf4b2186ab3

SHA1
056fc0c5eaf6d050dcdc26f45ec74b84da0c1969

SHA256
5cd3f88cd67a6057050afc14027dda0f4a00fed6ce252dbf4def6d9677375202

SHA512
b49b20f7303c9ba0e33f2036e1220507a52f56e0caa751ea48848861ba83d28e7dfcabef4a2ac8ac040c8f772e602b4e85d01b4b131b8ad5f5f34e2e224e8a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
562fbdeffe7fd907b3ac2a365cbe87b8

SHA1
6e9039787c9d771cadaab0e09a9d63734fe82f41

SHA256
658910fb7f7a9663087b60a61696d14bd06c9fbb4976c086bef29c0e31b11eb2

SHA512
b395830a51eaaaba5313925333e5c6ecc9a9ab7f54818871f9bb4615ddf18ba92b685ae54a40ea98cd705bc0066d61d62913c411bfdde3b20d0b39db230c9175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
54615c02706f07f08f5578ba42650071

SHA1
98b4e1b8f2b7cae0614396e67b90560420397605

SHA256
3bfe213807e9a498bf18d047d0e609c600453add06bb48a48e0cda2d70b5a57e

SHA512
f9f7ee5426184ac5ac650c0c02ac0f65e73d7e1faccc1a2aa1c7a71682a5eedd87866c0bbacf53590b8071754260170f690af891527335a74891707c6495795c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f93de9699dd947166e6aad9f05bf67ce

SHA1
c0b68f40572a6dc99476e0c0942d2d43003bf66c

SHA256
96176a140679f466ac731b73e82fd55096bb893a429d5365ce0a7f7b01d52b84

SHA512
cdb06f23c3e34ea2b499fd3613b25b117f895c9f11ede78be29661c1acc969309291010245dfc63396c66f4275b331885433fc0c1441821be5503843c70b49ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ba25cf40e2fec7ffd5e5e9865704a275

SHA1
2eef629aca848be8161fb6be4398db18c8978f21

SHA256
811614b7c5352471dbdc21e4dd6e30e40e76563e4f62dad27aa96f88bb3a1d2a

SHA512
9d812b531c1b00c679169c7c0323b019a2c8121ec74abe7e2ea6d3fef53cc7dfeeca18b4e81443ea44f6b48e8657176f4c92989af5a723a9662bf03580e27890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
157127ae3a0d37448e0cfe2fae752430

SHA1
73c38bccbc6d1f7bbe4ae292d7ded122b1c383b5

SHA256
3f41727ad5d227c5f1efc7ee8528bfd11d3447a35d4318abc233e4047599fa07

SHA512
8759c8d1d7bbf467a8b8fcf499e01ef913a8189ee24c94ed89b3ffcaa3b6c024eb4354062ad7eb52a72a204f0a88cbf47c4cb761ea0d0879284762887d04fb64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6a4e73064f812485e60f710b9ab93d45

SHA1
8049f463a239e6cf9cfdfbc863400b059fd0d247

SHA256
e1080eabe0910e30ca895433d2458bfa0707a60ead8eb9b0f7339cad742c90a2

SHA512
d9855b60fd039f862a49f27c16a6871ffc8d337a14175afc1001a064e4ea91498bb793d5faf0b5e78d6000123b9babc7f41a0f776dd5a5f972f2d9992dbe28eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cecfa67f3348685b26b901726e96e5a2

SHA1
4a8fb9193a2bc735a51edaffeec8538b55e617ff

SHA256
6635beaf37cbada5988ab9e6902d25b6fc6a45d4b1db61b6cdd40f3f263dbf3f

SHA512
a23e966309dcc4fcd2797c39f6396bff3c12ee4e3f8b976c4c8b008e1f3e96bc0223c0ebb08c688a87a0ffa0562201525ef2b10dc8b61012297cafd1e66ea6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3f423e0b35e6573460de908fb30f8208

SHA1
ee0dba40820d52e012207bba3161b89e9d662d9b

SHA256
7dfab6365b3632dd5d261397ffee4b4261fcb08df0a7cd4d542fface56a5f8f4

SHA512
266f3be13ff0c8a9243b682c12b4152fe481bdcc15d185a32a6d1fc440aa10806e11046ef7b74c731a20beea949bda15e575a82842f88edfa6be3a68e60c549f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c203eaada38561c746f6b65aa3c4533e

SHA1
428646f4c184e23a92eaf1904c99b55c47ff42cd

SHA256
b71dab8b8e802f831ae2a6363800035bb951fd61608df5a30974e1105ae9d197

SHA512
7ba8d28dea455b8da384dbf4d3d8868d87b5d193f807162b670ca6583000971a90bda5e4c56c90cfaf7728dcf992004333f05c3c64f7d183acfb0663602af96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9db451af1dbc863fb7478952e90fc3ce

SHA1
acd44f3110f67f7aaeb4ee0e6ec42a3b34e91cc9

SHA256
ba6d1bdf5263825825cdf1de5058d178edaec8e2b5684df752579b9e649f5f2a

SHA512
8ffa61831563c40260159d3a0686e0bdeca445b586d8b91c9b5f8871e6f77595ea8416158428ef2946d42cd262cdb195597f05832f561d3f6c5d2f58e230c8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58530d.TMP

Filesize
1KB

MD5
d7dc1bbd725c561c772e80af4b8d05ce

SHA1
4a2df297370554ae7248363dd2a8513ac8c533b9

SHA256
e55f622d7dd3077d5148658dd7a9ec1fd8156c4450c6251b303e30a1fb06381c

SHA512
1b79d5c747a2b8a09c0eb5b1e157e208bef10d25cc1e7a413c4ce1596ee6f4777942d0930a5c08ef08a58643ab3231fe67296ab1ba095d4148bab7c350e44525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b762eeea318745b2950aa2b6753c494e

SHA1
375108a9784f99d8da553730bad1043e1c5b3613

SHA256
6683732f52f164b22589c6df2d11c4bffd38641fd048e68ec7f826349279317e

SHA512
c0cb1adcfcbe625950da53bbee3be3cf8559485816327c621a63f0dba23cd83a439d6b9f099018e49078b9a15528e2f005dc1b0dc3f32bd05f8333df9b892937

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit