hxxps://metroelectrical-my[.]sharepoint[.]com/[:]f[:]/p/aconner/EnCdDGg9xKNJog7uXyt2ZJUBnaCniqHYT3nXK67AJS9LnQ?e=d3mlMt

Resubmissions

06/08/2024, 08:04

240806-jyaemaxgkf 3

06/08/2024, 07:29

240806-jbe2laxcke 3

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://metroelectrical-my.sharepoint.com/:f:/p/aconner/EnCdDGg9xKNJog7uXyt2ZJUBnaCniqHYT3nXK67AJS9LnQ?e=d3mlMt

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{5C90985B-B0BA-413A-A061-8F2765C6106B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1716	msedge.exe
1716	msedge.exe
3420	identity_helper.exe
3420	identity_helper.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 4912	1716	msedge.exe	84
PID 1716 wrote to memory of 4912	1716	msedge.exe	84
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 2352	1716	msedge.exe	85
PID 1716 wrote to memory of 1192	1716	msedge.exe	86
PID 1716 wrote to memory of 1192	1716	msedge.exe	86
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87
PID 1716 wrote to memory of 4740	1716	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://metroelectrical-my.sharepoint.com/:f:/p/aconner/EnCdDGg9xKNJog7uXyt2ZJUBnaCniqHYT3nXK67AJS9LnQ?e=d3mlMt
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccaf746f8,0x7ffccaf74708,0x7ffccaf74718
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6676 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10848302422431438150,10386511197553763150,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
38KB

MD5
6f5531b8b337cc803ad4727e79ab2743

SHA1
a0abbd08bbe5d43e95e129a4bcddc699c25de8ad

SHA256
10e1189d8a2808f03e441e9d5314cc3f3248fe37c041c2af55f835d019a1f1c8

SHA512
f8f7d462f94c69539cc203dc2dc8cfd7b5fe88c531a796a6657c4cd64e79066903ac0951a69b3340a34108456efa6d792ee8980f23ffc4faca4cc6b37d31ea7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000174

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4bfab55ee2195593f7009dd99c2afa03

SHA1
fe3c6a8ab5e1a5ac02fe5d0bcff0c0cd277d6e44

SHA256
213a91383b6df19a96fde0fc07dcb48ae16abafeb4a9bd84ebd655918d342bc7

SHA512
480606b47feb8c17e2445281adff0714ae84ba46df9b7f44e39be0cad970fc6af81159245369ee5bbcabfa12e33ecb665d31d33e90b1da92a63ef620ec65c505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
22c24c50c46d5de2e278747f52121cca

SHA1
c0ee23cfc4cb2c94aac075722137472e5409ebc1

SHA256
d00463e26a4a9aaff2f8bc1870d235b3e403031e6d628b10a4848930a1b8f64f

SHA512
d979da6c154ef0058d67e423fe94766fca0c61be1bd7e14ab9c5bc495bdc88da3be498c9c1a6026a3d4df86fad9742dc5ad0148a0e5c525db55807e3af6970dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6c7fb0e62b448126ea6f661ee1151263

SHA1
e8d5dec36b1c10051985347d6bbbac061be2c839

SHA256
258fb309821e5c41bbbabad836236d35c0ad63632a29354a040397deeb2c422b

SHA512
6dd730f717d71ba987119ff2badef6d026a24cecee26652ed6332c9acf0fa5c8657f4444f2a9cf2514de608fb747fddb79b9d6f8937dd6df9b0b62583692302d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4840710c7fa0c0b81744592bdc22b21d

SHA1
a7f8aa9b4ecde761673141c233d75ad2699d24a7

SHA256
b27ad310f540970e33dbc0839185ec71f23a2d02fd30f91430cfae4669c6db82

SHA512
feda809bd8978daf095a434f463909ef0cdff0ed13c797fda23e1fb14ca4708904c9adb5dd841daab878361d7ee4c62068cad154edd86ec8fbb5d0a3c75e376c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ff633e9663cd6467fbd79765f6c1439

SHA1
d1e9e92238c314d867948c1af67dec112ec9e5b5

SHA256
5e073fa510872071796be30794d71327c5ca2c775b0ca8184fc69b2bbdbf68e5

SHA512
6755775c5c41c1becdad78175836e6b41c68e1f8d53ea3f6288dfb35d182da004c733e92c1925bed07216751e261391ecc5f6803c6bb5698fffe7a9c14ae03c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fbf9bd8d2dc53bc986afe99a4f054208

SHA1
000184df0ad7a6f99c1d7a7f97eb908f6d4f2a3b

SHA256
22d8f45a0c9b29af92292d5f08f0db7c461a82e3cfc105594ec9c8d8cab8b35b

SHA512
a6b5c83070fcbfb60cca40f7d044592e578d36be354e67dbf7fd33d21e1238a92452455a2a9db4fcc456b63de9276dec32baf818fbfe524509717e149ad517b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
36880e7b9e6910a1fdc06930bc8a30e7

SHA1
4e0c6955b12df74acb479c1a4b8918f96afc864a

SHA256
4ba618c0a7b0fc1f711395019cb87dff7d8e93f39923920af9336c9e73772039

SHA512
f33d0775f83419b6a75c7d08dd7708181a27a0fe89f878fc4149603dd232bd2870d1c4c177f51f7cf253b8b71ebc46b0ffd7df81cd3383c7d4fa4a4a98a95ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5294b6dd0942667b08c1802bfd24de0d

SHA1
87e46c027a22c2d7fa94ffc2e05b0c673d95131f

SHA256
c695dbe24420568c9fb9962273987da7f482a9aef07dee52a4f5e538f775fef0

SHA512
9a44bfe6ca7cfb49bcbc6141a7d880c1df836cb525b6e1a271d86485b27e0346a4ae912d17c353372bf290ebc55dbf92664aa3847a924d9dd491773f59d179fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6ff219666a30f023d03a41d3fcc77d05

SHA1
68cb757276b96446e32b7ebf0310708a56ac172b

SHA256
cf15fabeba79d3759c79beb87035154c7cdf9250fada939c516c0487bed4efd2

SHA512
a465b7894d6bf29829fe0dfc0855b16503b7f45c630edf8462f564c938f6c0197500021a597e3cbd0f4f90631135310503a45c1a1f1178d47b9454f70b033622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\34ab812c-4598-4755-a179-935aa70663ee\index-dir\the-real-index

Filesize
120B

MD5
7018c23fc7e781646e51c45352261d64

SHA1
b5ceac85429013084b424517721edfd08959658a

SHA256
e25dffa1e3e6fe28020630f397099f4de027e5d80d536542fdbc146de0307485

SHA512
2bae8910d96b47dfd97fbb667d8f52a37201ae06d37e419e272a2ada6365a890ef154cf7c2684471bd48902a001e4110375261d141354acccb993c075d2da289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\34ab812c-4598-4755-a179-935aa70663ee\index-dir\the-real-index~RFe58b5ce.TMP

Filesize
48B

MD5
758f008100ca07840de7a77c444eeab4

SHA1
36b207106e0bd1dd4cc9f74d185ef0fde0dfa8b1

SHA256
efe5a2ae99dd9bd5856d245405012ce0b44b793f6e0a623b87cb676474b75a05

SHA512
24050d7df46c01145ea7d354a78ea9e8daf98e7caed3e2afe08620849d4fee0d390e7df6159bd574e5879576674113cbb9300c86577d0f77b94f012f24e25f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\34ab812c-4598-4755-a179-935aa70663ee\todelete_7a48c130a6a40c0e_0_2

Filesize
142KB

MD5
e756f2412ce26dc43f3e3cbf2b6694a1

SHA1
8301a6149551c1a7bbe7b75e743a31243ccec7b7

SHA256
529adb904623876458fc591168a231875067e024c450ee4cf32d5828b62a873b

SHA512
3bee1177c84ae44ce4ea562d35f5b905ba0d63554f6f13e2476ba13771fa53153ebab991a3007cf333864cf2fd95f3ecf01325f4490de89dd59384f13672df89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\34ab812c-4598-4755-a179-935aa70663ee\todelete_7a48c130a6a40c0e_1_2

Filesize
288KB

MD5
8d7659fea0de23bfb150d35ff7e81558

SHA1
1c4edf3fa2542ff5bcab67441b26dfde0951e26e

SHA256
c84ebc5ab530322e4d1dd349c5898995493fe19834bfaf0114dbdf5dd0763026

SHA512
0e9340ca4ab9e2185a243b9bb3a8671b835e34b259f9980a5349d393c9ac6c210f399ef90da783f25034a7d7d7c5fdcb92cca0e81062cb6087cd688de54bd85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\98ab08a5-faa0-44be-80c9-d85bb09c61a0\index-dir\the-real-index

Filesize
768B

MD5
8b685d01aff314665ef38499b23b105f

SHA1
ed78cd49b6b096363107c3abb13dea84ad1dbb8c

SHA256
ed040c48e11db7fd0ab7be8cde95a2338d65a725e1ec8dcb451bbd4464d59c1a

SHA512
8042bee581e51f5cd28d0e377fb5465afc49f8ba8eb40d3b52014407acbf6896f1e0ecd07cf6324d59e49036d1b3be6f202f94f64946172c86964ec8cb1a3057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\98ab08a5-faa0-44be-80c9-d85bb09c61a0\index-dir\the-real-index~RFe58b8eb.TMP

Filesize
48B

MD5
6c23ee12332494ec0f2e4d86452613ae

SHA1
6d68226b6a583ceb4bfc6194ef2ab3aa807fc705

SHA256
d5bf696adaf9743eba400fe1a46e26885b460cbd008bbb5e61a8bc252171decb

SHA512
3516933871944e330b205fa6f0ba4f638ce95448c4619442bde42e9f76f405754ccddd16d8c472f9a9c7f41e3a41c29cc06003258661a593724c6dd14319a0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\cce98078-c714-4e38-83b5-f757a8357470\index-dir\the-real-index

Filesize
33KB

MD5
b1ac59fe9560c29b9217709a34eec627

SHA1
3f8af5df642d23c5b472db8115133d4db382eee3

SHA256
b630fa20e39d260ce84e574179c8c9cad8e1c2d35d68a8b1c9b9bb3703827233

SHA512
f0450faeb5ad3f211663677e77fb0c35b45fd3e20bd800743d41cc93a461079ee53b7a0ffa5a3f3e8510703ef4a0815a097d77d9d0d718a4a5eb6aaeeef9ff6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\cce98078-c714-4e38-83b5-f757a8357470\index-dir\the-real-index~RFe58d675.TMP

Filesize
48B

MD5
6250f48a678fe83141ea828e160b4ff3

SHA1
18630da77e84c9ab7459eefe97b75d94d1e73d72

SHA256
596060ea81e5f9c219aa486f9401973094a1c871e9ead760b35d5dce70850a50

SHA512
cb205725da9cedeb53517f46bbde01098b0e382321c1d4529d97c08216ea81431a7ef6328500ee8fb7d6bb7ad7f5ed7a84e1e75c6bdc017c7111eed1b95486dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\index.txt

Filesize
185B

MD5
bc075506a294619522ec01c3ea02f87e

SHA1
4b894fc62f836104cb5efb99cb7a603c2005db8e

SHA256
0cd9d793db9c5b1997ee232fb44ec9081081d2c987d144cb1913c9cb538e6e5b

SHA512
4ac9dbf227677757dd7164290b9170cf892c1245291658e7ad5ea7db35821c4173e63c4e4844e79700b142f4be7b66c5398f4f42a6938c31b93f3492b9e67171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\index.txt

Filesize
252B

MD5
61dbe2f346bebc10774f60cb2df81f19

SHA1
39388b7ab50d9bf1209e8f300243929723e1ad33

SHA256
988754bfb4cd22449ba26e2b2979b38e5f758f8cc36b0923afa8186ecd8f8656

SHA512
49a93b1f551c15b07f8120a2090a19518704f62b175ce58c17a937ba6ada442007223818fc08d9c67eb46ad32b18d1aad77d5b2a9f7c1829388376d863c8e174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\index.txt

Filesize
108B

MD5
7bbe1d5b6a6d43c8d950f9985b19dc7f

SHA1
e274a913bee23b3f1a61a0e61aef122ae4798c00

SHA256
a202ca48d9a9bf156db159803aa7b47ef79930f62806b4ec30e6516132da2f50

SHA512
502c6a08a8d5dfb77c373c6de46ba1683e1240f59e3b2789b6e618f045445f8e8f020eb6bbe7be0ae99b7591e244215e4c936a6428f2a3551cd023b3f30ad082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\index.txt

Filesize
247B

MD5
0f302b82df58286d85a18ca4df69dc90

SHA1
3e1d23b371a30bcf750ab66a7c35e5ff1d66d9ad

SHA256
c945a9562f434b2e9afd868712aa308fe4f84a969a53bad7a25a8d73e7c7002b

SHA512
f2009b21bc01a1138801a8998fee85969a433f02df5cdb32e454650bed1f4e1b4c27751909f18dadf831a0ee2d09cbe6adede8198803c8e259a40f48acfd5e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\16562db01cba2c0bbd43e00973a157edd7eebaf6\index.txt~RFe57f8b8.TMP

Filesize
115B

MD5
c665bb26d0c9eb5a7c2a96ecb640a058

SHA1
7ccf08e799e169cbf51252eb63cc3255c09b51b3

SHA256
9bf1c0da7fdb4e8c9222943433e6b1c579267c0bd1976aa13807a5b60932561a

SHA512
0a7a181e4c3f35233abd2ca395e3cd8ba4d6279ccb639bb6db20a84870ae046ab75e9714b8b12cb7aa6af13db59eea0c28b68b54a3c6106d7dc06d5fe6600e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
097191112eed031265d5c8927d3dd53f

SHA1
37e0fb69e58f708b84866f8ec1bec79ccc61cb08

SHA256
b824b4a65a9d6637cd40085fb5222f15610a0c31c4fe2ec48938cb9ebaf42999

SHA512
0059318d8d3981dc18ac6ac84f3173d0c952ab00534c4ce60490e5ca54014fbd36c8563be4ee2ff188c22f88f1e8c70d9e010b56ec3ea9fe8e4670ac7ad3d087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
43e19c00c13496448d14a49fd08b33ca

SHA1
030f2ad7c136fd0da72e861159993c32f28cf57b

SHA256
9e9e887fee5378ea97f12449921618c35d6fe51397f753eae34fceccbc5576fc

SHA512
1f0e8793c13c5443b125d43509c4f7d8193a76c4ee866bcc458f40883af671e7a3df4b558f3b0697743512926acdee39b56e8db1917ffa9dc7f0a3fc04268d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f889.TMP

Filesize
48B

MD5
d1e961df2dddbd8bd9abe91ec6bcb8c1

SHA1
3c679b3c635184e21c9a4678dcf68c8303d64fd5

SHA256
312fc68f7ddffa6e24387919f89e415f3ab04061ee8ede0de5535e960a6deee5

SHA512
cc252d83089123e7132925e8e0111133b0944a6b964d890dfb1a7b3e480f36f66e6fe4330a494a9138e55598208eaf9957ce201a76e8a9bb2fca0d948d28e99c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
638d6224dde85fed802a094d5207ce9e

SHA1
b9d02e02b833f5ca7e8aef1ff18f4fdc964153a3

SHA256
9939224bae468add7bd5dcbb66349d44193d4d762f27942811abf559ecf2e57a

SHA512
d585234f81436bb9d4c0ea6ac609bbf0dc1879ad035bf61de794ab6d5816206b3742384ca94f78fc71e4df0fa1e358903f37e8fc9f46995cfd43490ab1be7c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1906f01f9ce99ccf8c7aa7ac52eba443

SHA1
26c187bb69118744fbbadecf4f76d6cf4b6dba3e

SHA256
0525f264d78e1d7db2a82e53599b37d6e6b071da2103416cb4d1887b9468cfa7

SHA512
b64b638033679c663f6a2949b6c5b1a0a72f6be053fae1b0cbc15a52c4b8b42d4a9718698e3e5fbeb3eda7f6cc343243d2929c3af90c5c64ae5221fa2a7b5aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f96084971f44dae98993b0bb6fd9ffe9

SHA1
cd7465ec12797044da8449b0b468623e198bc1ab

SHA256
88a7c493524a05cb5647e78c7cac34d4dd9f4c28b3e7deaa45ed5339e3cce678

SHA512
b3bea3453f1eee45d5e64dfc82661f30e769aebbc716bddb52d7f1be976dc6416b86c4f44055cfa8ff999d641a52d6f650cbeed42ef508f18200ff5768ab75d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5c3922c8159336c4689b086de4524344

SHA1
06fc3da2d7b8141721e53b052aad63af74d20c75

SHA256
5926412c0bb4469b969433631eedfb8d6627295efbbf2f615d4f624ac0a938ed

SHA512
d636626d1bbc1c7ed34d2a94b41ed734ad7936ef5bf8e6af5021dcebb3075a993523e74dfdee3c7c9428f3b12667f4e6d04a1a9f086d1925a57f742f4d34980b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eb89.TMP

Filesize
1KB

MD5
75e9752062501f3902a4f267cac540ab

SHA1
3498c4a7a26ea00e415c49b2e07358f2495a700c

SHA256
7302e8ba3f2d702967e17e4e651db3a0e5459ba2f4826768f2453a2bf117aca3

SHA512
01e9c8fc1439f5dfb24aacfa5ead97ff74a39a0926392611f8d8e5869c17a55835912d683dae229cf13c3f4dba07fb5a3d23a5a77bee41e7255aadaa4b21e069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\add8244d-ac08-4ee8-ba84-f447d1a482c0.tmp

Filesize
2KB

MD5
4865d76fa7926a7e1fe838a8b1bd59e8

SHA1
39a3b43918d97d40212ee82abc4b82acbb60eee0

SHA256
667ff9ca7d67464c9cff20900843d0a3ed504fc457c756168b3be4bed905a266

SHA512
fea4a2a836bd686839d460d27eb80c195bc966ac12a69f0c72026a3e56e257754ccd4034e9d8a5211830cb1391d17fa108c63d2de43fffb061f1f57820080fec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6c95eb55436eb9cda4179f97c6ef62e0

SHA1
2e1b120e8868b69c09ff8ed8cc304d0a55604b57

SHA256
3fca81722a60a8f8852733808e5632ded9c1fcc067011cdfdf76a113317a1cdd

SHA512
b3eda05dcebee3ff4f8364bc2104acea2b7fa45c2a00794a2a669b11798b20815b931fa2e6df273d2bf36d4f4cd191760c89387a193c1ceea9c872a483d994b0

Download Submit