hxxps://drive[.]google[.]com/file/d/1BfrpZUYl8cYHWQLazu9JmzfsGjShxoGu/view?usp=sharing

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1BfrpZUYl8cYHWQLazu9JmzfsGjShxoGu/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{3AAE3A45-1B68-4D63-B6FD-B9A8F27808B2}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
4364	msedge.exe
4364	msedge.exe
404	identity_helper.exe
404	identity_helper.exe
464	msedge.exe
464	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 3148	4364	msedge.exe	84
PID 4364 wrote to memory of 3148	4364	msedge.exe	84
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 216	4364	msedge.exe	85
PID 4364 wrote to memory of 2152	4364	msedge.exe	86
PID 4364 wrote to memory of 2152	4364	msedge.exe	86
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87
PID 4364 wrote to memory of 3424	4364	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1BfrpZUYl8cYHWQLazu9JmzfsGjShxoGu/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed9d146f8,0x7ffed9d14708,0x7ffed9d14718
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6379602857221704642,4295146258335664617,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5684 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
9a25111c0e90867c7b8f41c5462abfaf

SHA1
0619625d479f31cf145c2e3714de0df4a69169d1

SHA256
41bb42020f1beabc9e72913ef6a33aa264556ec829ac70fd92c9c9adfb84803d

SHA512
0fbc3c64d6f5acc2c0dab67924b0c669fefa994f449240d1f6b78dcac3538343938a4fae972726156189f05806d3aae0e333035df52605ffe28886b82f31ccdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
61add27bc3e822b23f3df1035e9e5fca

SHA1
c6e835e628d0960ce3d5950f9cf14b29b6dc5110

SHA256
6e5880a7d48d38a6886a5da3da2fa95269d461f6f663ac91484d4f1f6c479016

SHA512
ae3fd8e2a5ef34accd1d7c0989194e258d5baacf61754dbaec60c4c53284f9857add131e14981fb34a1e29b5f796a5b997f5874d15b0d9d60bfb0c8b61758994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
83b68c3beebfd4b4b4ab9763c2f44cf0

SHA1
3eb358b9d8691efb7346ffc1f43189aba676fad4

SHA256
2a281e99ea4f0c09204fdc7ef34cd7ae6ae38e85c35f5e4bdb89c55cfcbdcfac

SHA512
155fd64717a4e8a9310914ff1952a9b039a657394cf5ff597f919862da3284dc2308c1c43f6666a28d2d4c647f1e4e0cebdec428f1ec02438a8f87632f65c339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1ce8460c99418a99cd8e16c1a852a0fc

SHA1
175bb56ea6f9b3da8c05414c081c652e4ff82f25

SHA256
2aaebdd5e952bbcfa06758f967b5fa7de88d9b4b7ff6cacd0252c80702b40c66

SHA512
2d7375d52a9a61bdfceec0df654c1d4033781f4f6a3e9def73596a51a879b83677d8768395510599975bb59f2116c87f76202d40dac3e0fc054ae12bd2758f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d612a54390e42388f42fa93c72062524

SHA1
392b36fb5b15b8de6bdb4193a1427697a6474874

SHA256
a20a093383ec71ba9c53cf5f190498263902c26b29da717ae0cb1aada33eb7c2

SHA512
bcc2b86b3a9359c3a956ac43a7f5a4b3dce4a52dd8819a32ee9c3bb5af45b8f778aa4b8e2bf05b8b530d348a7f82d6803463a7bb4f07dc79d32da25bae5209af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
7dacac15dd497e483ca9aa25a813c78e

SHA1
2f5e03da6d8f0099bc2a401dc92bc12b2e1e4566

SHA256
c50df5abf956d8e94e14dad60b970d766aade5b2d394ed23a407b9ce4f22ff4a

SHA512
ddd4bf8d68ef63a08eae2ad3a8e233d24f3538d2685d1e5d2b1b83d4d336f2f8eca5ae725db1be98a9b79a89c65920a1b3bee8bb642796d25a127ecfae83d662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c27b8614eaef6ef4412f91d2e127d342

SHA1
5a367dedce5028037a37aeb3d1e98920919e9ccf

SHA256
6871de71c642f1c5ad9549f547844fe503e3c3e516fdc3796e0cbbaf6dc298a4

SHA512
90b7e74d9391666e110bfb98d56ead1314c8c36a9e5415c187b5e94d69936e6909b8712e6bd7e37bf4271d6c024031fad34d69bbabc8e8320657def68cb7b784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ee716711cebb415d07396433e7098eb

SHA1
a77264227094858c2ed31789fdd652d0851168f0

SHA256
e3f0d40296302ac4f0045cfe102705399d2d35c1d635f778a96dfcb3369fb416

SHA512
d287a37ebe608f2ccd1749f1e933b2ba176265f78de9a684704fbff9d31c3c63645e7043c0b2a2d081e04af300ceb22457b51e8f2b6dd3f77f2971fba83a3bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ed1bf6f9ed60eb92555198b9cf2c89c

SHA1
0e33ab6b9337e42cafaf6e576f9603029204afd5

SHA256
b2fca396c279ddd2045f67f8c277be510ae780bb2aec664bbb058e7c089877ea

SHA512
15f1caf96a5fc66283bd7b3c4f584be5a2686392360ad20350ad5c66f64d709796cf73d178a3a355d98f86b1e53909edee7834d9d5e9eb1d14ee462fac6591c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b25ce04cf74198bd808aa70e4c74ca07

SHA1
651f2af970e9911733cc8cdb21532d8a5c1d8a7f

SHA256
0fc32a640880eb0193a10793b81733d681ec46347c5495fce8e9deb584603827

SHA512
548813a631dd1f05e66763f6f5a068af45d29a64b78bf0d16a4a7f36499102420c8c03c8eb152c33613120382f865b98c935df1fe68236acabb1393f35488bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ae0dd0d735268a772c33db62d3acc652

SHA1
e11ddba467bf6304b82450dbeffeb8d4f631bb35

SHA256
4735d11e8e27fae0ed5ddef999281b91b713b582deb81f3c7e93d8f58558bcec

SHA512
1b6e87f5659a454c8f56b59eca023f6086f02897187550259e7d3fbada721f119cdfdb6057ba775c49eb2fcd9f8e70a355dae45f5586fb05f82a8407aabaea7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1c2481ec8a7123b658c8b63dbce9d27

SHA1
a92bb6f2d3db5f083fff7b56e1ff15cfd4f47618

SHA256
67a9957ab313fea782909ad4e798cdf1aeb487c59d30d2882a2b772e49c6937f

SHA512
138cd60352848cbef869977288adbb607fbf5fdb470abb56278041cb196910d0f0bebbd13a9d0f5299efc9b2585441b7be8fcdb479dc93dfcd98c6bec079df8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c27216d447a91b17385372635b4f61ac

SHA1
d85b87b6f2c53e909c48bdde07391cffdb20ac3c

SHA256
7a3caf503536f4a4f9872bf9af3f29125120ceb7d00ad88baf3d5e40026da8d9

SHA512
82586c08c255bc29456072fdf742884eeb40ae59fbdee03fec4c93689094847ad5d5e8907912cc576a7849549fae236a29f1ad5a74ff78526bf81362a92633ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f761cf3b9575c4df06f424b600fcad27

SHA1
16a810ffbf2521588c551380c21b7de6530b9041

SHA256
899d5ee8a9cb0361de3a9ea1f28a5cb5ad1cf55c6288a398a46a5412ef08e9f6

SHA512
e8093b9b32bcb77a12dd3fbb11d86e58d7049cc8ef7086c65d526418cc2b7daa814dd45694f310115113438619118938dc9cf1144628a6d09a707689991937a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e4608f0d654ed7c03b8cb74ca72eac8f

SHA1
884203833470173e0d3767a63c0d20e6208e5f42

SHA256
a6016fb97eee7db66952792355f83ad029c81b1dd40fd51e229dbae4e258823d

SHA512
ccd626f1180659bcab95b136dbbca3ed36c7aed420050ae53a20a15049f542f8c70f07ce8c825c24955924656068b2d2246b5d0d7b96c69c519a8d328291403e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7366c153beb1254c857711752f98b155

SHA1
7715d9df8aa21b6cb1b50b2bfadf9c9a4201aaff

SHA256
475a546708af39e2d5c8005ffdc54f4bf0b669d8fb99771d37e986e7ae3d0902

SHA512
6ffd968401d5c796c75c873680cc53fc50f143d461527094c5a309864972e5596136b8d7a7e69c72c82e010cbda3ebfa5bb11f16a2dfbad855d9d2fb538294bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
71dd1ed1f4f430468dd5836b40b58958

SHA1
947ca506783e4c02fae47fa3b8f3490d89372bbd

SHA256
ebe57612f350e3ee9cdc85cb49c646d7c33018a2b14c8ce323bdba58c49a7ba1

SHA512
eb49c602e8b275b770f3f699b27e15b08d5144d240d778ff7fc785769c2f6360279a8c7a4a572793dbbde4815632a4b04209938a0735c88399bc5b0eb404fc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f453.TMP

Filesize
1KB

MD5
95b08c37a90fee1966dacfe23379a1cf

SHA1
a10670bd849b85b844bbcce543361bfc99c37a92

SHA256
816404421b0063a56849b36f3828e91e4dbe2a9a013b8bb8f6c70c3704ff99ad

SHA512
d13e3a30bffac534621374bc97fd0d53cf94c6f1971c44b378e9b968cc0342ea53c6c3d5c330900897a90a3c2337d65ae74f4ad097b98b789140e3a269dc486a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24ddc686c85d69db60db3e3e5dd34457

SHA1
2497c1980bcddfce90fb7ae26b47fcd256a0b548

SHA256
c07a7dd0821c8ebc9de9a04e1db99c0554822b51a6eae00cb7e9c3ef24bf9c63

SHA512
782c0a3874de579e806188cc455bd979bf9146920bdd9720a834b275bacf1e9522c32082fcf2893493804b3539dc287457e7af0a5fc9eaed24599dea905a196f

Download Submit