3afb95f24005a1c4fa28cb2737741e9a494ed8db2aab19328f29bf26f39c4828

Analysis

max time kernel
1686s
max time network
1690s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/08/2024, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download (12).jpg
Size

6KB
MD5

254d16ecdb273ee35743d794b625d1d6
SHA1

f036dfefcf5c8436e7b17fd1659fc19bc5c7aba9
SHA256

3afb95f24005a1c4fa28cb2737741e9a494ed8db2aab19328f29bf26f39c4828
SHA512

2418a07f50471e41070adbaf10111e14147a2efaea7dd765f5cb7b7d4c54573feda2950cb8cfde53617b91f38f7b539c2a1c23ed0c68edbbdb675ceff056e531
SSDEEP

96:Ufkok0l2sof7dqL6BHWSJFS+kAPQfbYaNMaHC3udEnuEhw3vXKV9gqmNG78lLg:UkoIHdZWM+APna29rnJW3v6ViTQE0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{40CDEAC0-3D3E-412B-B364-FE27E52B7C64}	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\download.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\download (1).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\18-and-abused.htm:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
484	msedge.exe
484	msedge.exe
1636	msedge.exe
1636	msedge.exe
4704	identity_helper.exe
4704	identity_helper.exe
2028	msedge.exe
2028	msedge.exe
4796	msedge.exe
4796	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
4212	msedge.exe
4212	msedge.exe
1608	msedge.exe
1608	msedge.exe
2572	msedge.exe
2572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 484 wrote to memory of 4208	484	msedge.exe	82
PID 484 wrote to memory of 4208	484	msedge.exe	82
PID 1480 wrote to memory of 2340	1480	msedge.exe	84
PID 1480 wrote to memory of 2340	1480	msedge.exe	84
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 2112	484	msedge.exe	85
PID 484 wrote to memory of 3952	484	msedge.exe	86
PID 484 wrote to memory of 3952	484	msedge.exe	86
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87
PID 484 wrote to memory of 5088	484	msedge.exe	87

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\download (12).jpg"
1⤵
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffba6dc3cb8,0x7ffba6dc3cc8,0x7ffba6dc3cd8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1056 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6936 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7836 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10639849254472033275,2781856086490078334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffba6dc3cb8,0x7ffba6dc3cc8,0x7ffba6dc3cd8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,1152615200637278161,9933980861551066292,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,1152615200637278161,9933980861551066292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c6d2b768e3ac659e9e2587f91bfbd00f

SHA1
0e2e77211e462406ced3544b68b529a02d143591

SHA256
b054f39d27fdff0f47ff28251e0725dd641b05cd4a16421b8600b73a1909fffe

SHA512
28660c0bedb61298be08ce817a6e50e2aa38ef9395081ef3aec856150022c778aecdfec4a9410e6eeddbc7aacb44845178ad9772abaa074bcf25a7cbb99bd2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b1b2548292f80f04c4a74882b9e38f09

SHA1
3c1eb815b8a8aad7f5ef35ff6be227f9eb43116a

SHA256
fc00b55aa3926671f80610c7ab22c9688588e82ecad71b2492f87d7c50095aff

SHA512
3861a01a6aeba626955203282c2eaa4e1772f8880e9e4b02337427ea2d2b677a9061b9301c6adf1e5f1141b0f5791af7e8b4047582a17b00fc9bdac095989467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c8fe263e177532ea93f84fe2e6f926e8

SHA1
ecdd855d1f964894ffac7d98ca556d179d856c5f

SHA256
ed250ba9fd51ef23273f5d21ede268d3a01b41e73324101064ae4d40481c19a1

SHA512
b56e0b91772f0b67d5b31d41d913b5f1e55fb4ea730cf89261d2993577fd366df8b16f56e480e47d6bbce8445a8ad9306052f802ebfccc6b952323efa2e6ea79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2c8b6915296e79db0650130de4176dce

SHA1
6deb44ca3e64292fd96c5709e84fc4f527f368bc

SHA256
9c296a3a3dee534a9450032b30faba9488a069fed81c717fea1fff8ceeb6a3b0

SHA512
e3a7179e860acf03d166677abea96b353bb993cd90da5881768da8e6ff98cf72a54f360bc499c4a5e9c8aafedc3abf797faf949c3cf69c475e0bd73b3883e686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9064fb6f5c45b169fc430ca754fdd81d

SHA1
78e420b4a966cc698d7d5059e422d9bf46ff1b2f

SHA256
a547213eedd28fdb2bbfa47d35f09f28b134a5107dbb9a0290b6b3909a61b0aa

SHA512
1286e53d8aba5fce3fd360a7230d560885a134fd9f0808ebfaeb84a10a7492713a29f9dfea23309548234c5146cc235a434b94b68ee24e6c57972eba8674cd22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20e435cac9d055ae150b9773239a5b1c

SHA1
62f2917defa110886beceae3f72fb02f812fa29f

SHA256
7ab46afa9229249eba05fc8d2d9dd7f7ddc4dd63b12c8c35fc0bc5ed3ac1ec97

SHA512
f14037fb0eb46bc099124843043c19ccc19c38575c76dcec535dcae69f6d270b932b0b9ee882433cfaa5b405c01d25fd5b472e36388319a008c18cf131495961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf49dd16619376cf02f8a99f7f5dca11

SHA1
4a01172bda3afad541435e6490ff7e2d7a48e554

SHA256
ae994678a47902d4daa0ed7196e8b4a2637454c0f334b45379edd7558728cf17

SHA512
6cc32bf7143155cdaf5f41abcdd1cfef7b3d2a4a6cb96d40a5544706f6ab8db1789af80c4e73290359abbc64f22dc00fc9b2f13d982a206596f982ff0ee0ce59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aded694b9757ede9fc9cdd4613a42571

SHA1
494b6ed456375bacaa7a58b353dddb6ddff7ebe6

SHA256
cbc05deff564aa53550a7ec9adb029a8b885e384980d14b0d96cdc34c42334ea

SHA512
1165ec5e8e158735fe20e4765a7a78169160d8f5406199c96bc28f44311e3d18089bf33824927d175a31efeacb592822e39d14c6369149b6cbb96d1369f2314b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ddc3c141e05a95b554262ffc04ceb702

SHA1
b80121dfe56d3bdec3127779fe637bac234d3acc

SHA256
cf860970f5df7a8006b35ce22b39f0d38a49704d3ca4d70629dda72012e3d26f

SHA512
6f0a95bc85c6547c0192aa62757f86dd2f32489a561274a9f99a5053eca2e03a8fa619f626f13e690adab04e7189802e17bf34e1941593b5bb48e6c73e39b09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d75c0ef317d369d61e985d82a50d3ce2

SHA1
919d410223a10a058ee4d856cfa9032325675d2f

SHA256
c993646684dc61b3e9cdb563698c2cae6383cde269a994e1b86dfb8568e0cb82

SHA512
d489bc619be69720c713422c17e94455189ac3d9aa73904fc4b42b387b4cbc8ca2868c4e9874bd6e6d675d785631de51a056aa9cc8fbd8c40f6e39a59a5c8333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0dcba35867ceeb475fe1646d4a259139

SHA1
55981b2c15f9f3c72dcea886ab50504d7baff827

SHA256
3ce6700aa075136161ccadd78ca1e32ad5f5e15054b76a10ed3f0c77d76f569f

SHA512
d6a37b8d29d3c3c9edfa10705b7b8d2069edac1fcbf907d8c3ef16e551ed818783d58f030c3539ae62bb7994a2694d896f518654109a1dbb63eedac065f37ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31dd5d47555456afb1ece5cd5e1f7611

SHA1
458a2b16b04ae76b9ed278fec0e35d396de1a753

SHA256
22d65775b7876bbd051945ef7122d5bd913088c21ec8258297e537c95f83f46a

SHA512
09c14b6edbe35aad783640cb5a007dfabd996f48f53d2e7b7d1fea027d62ee7ba3d44bd387180544b7071d7eac4c12bb23524f9f351270fd74373551bec06cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63d195a0b6934502d4b7fa6957c2861e

SHA1
eb86040e54514830d1fad6c93b974a485fd6627a

SHA256
f46566e6f6d968d301cd713d134b999c288d164572d0d18c96d5f9e857ebe109

SHA512
5e148f1102c177157d8f5a1a1b3e32a938c2f359e606bfc3c44be957051b00ba6d52501bde7e142b94f4bf375adc477e87f7a47290fc7ed7393fa420f06b0812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0ce1f359115170633ed1dc87885cd084

SHA1
b56393cae3c851df4f9118a20725920ff2f6450d

SHA256
b9fecd53cac79497226485983903e94f59b7b4c4760665298431eacf18f433d0

SHA512
a28ddf43b6aba4187dda6ae59b3b77554080c011125b9d828b8ac329cc551c0edee92e0b3a44401d871f65dd7fe12e831bb638ff359a6e4ea1be76a0cceece99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
59a22c93a5be8ccb37a4cd960f0c2d3f

SHA1
bdff79b32d2ad0cb4a3cc358427216929559f863

SHA256
e6c31a5908ac5a1bb803d7e09ae43bfec96c12663a22d83866140f4d158db86a

SHA512
d6f35c4c440d1673c3cdcfe7e81c076b0be6339639874a3ef5ad46908550c8b596dc1ebec2c00c1b810f869984d11ae2d59f7de78a00e67ea2001a345e110224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
03f4b78cce914e90484cc9d8d91260ad

SHA1
4daf8a74f33d64808a8755be5f1017f13273d35a

SHA256
1b3822c9f1caaa5437c813c5e57472062c7c4d1ec416c2521977a19faad29e33

SHA512
ddf4eb11855917e9811921dcdb401a25aae16681e4594c72f03e92af820afac46ca8c14bdde4c71374069deabe84632f1d0bfa5d8b106df427003ff9f02c2797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f24c398747ef6f67084e9ebaf67901e5

SHA1
7142c8fdfab95e2a5aa53da6ea239adabf29b7e2

SHA256
44264f0567c8979373b2e23cd9b1184e88009e07973266b2967fe6edf9eaf391

SHA512
406da7088cdc337c9becde5cc743b00de1c8d7edeba2317f17f3df9eaaf6098b5b4b81708064a2a88c416aec8c46e0dc23f157faa68446ee019759d9848c5883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1d93117fd313dd5c353863a92c08a1e

SHA1
d79b4aba56dd4d3f24825c044ed2e6e226826ce3

SHA256
448fde4e1dfa58c71c01059ee0fef47de7b51783178f11e6046c182defa9f727

SHA512
a967f9d0e82530d83736def30f337d278f880854d50e47f39b2bd3d7d31e50c71f3d321fe749796267e2176b1be536d0f992980019288cf76915d355a945c026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eeb22c884f6ddfbe3252d313eaa6ce00

SHA1
c844044ce67dae4ec6082d9e52f42f974c146fce

SHA256
1cf4cccbe98ff5eec21dbf05feff79568f0c242f4f4b38b1375c14cb0692e373

SHA512
825d6c625de62da2d712fc201b7e4307a31288241948569134ea79bc297929e33f26d5b0e820e674518a37e08378c19a1193258742884570dce5feab216a2dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e07708787c3926e8b910efb8b26c255b

SHA1
f2baaa3758b23d0d545dcb7c8709ecd055f35f47

SHA256
f35a87c43308f7c0e398979360e1736566f57c5ff9bfbc06f4abe71062d8820c

SHA512
3489179de15d6d2d439f35a1e10a9857241f9ef07a4c02b5ecd1c0f3f92e21c3ae8791f36015bc0f9e4bf95959f1b0c28ac6af261237e281cd1fe77856fe538f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
162b4dfd8b3cc23598dc495014b19804

SHA1
dde0fc658099c383e1c3ed4709b39567b1961ffe

SHA256
27c129c2e9760cc6047280b95dde67232ee2e3b39dabc4543d105fb58d3d3bd2

SHA512
fc2abe2666b85c080ba1f295d421d5ebc3ecef4a218d1e5125b862b964caf8abde71789bfba5d3a57e19fb48e2d565f3c3c3f948400b9a059d28e6de258606c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
532b66d8be9f2e7b6408284706ec8944

SHA1
4895b10ff56a526c9e0e1f705bb41fc2596c4207

SHA256
9990a8999d0550acb8185a54f1debfc33dceb9ad2de15549d1a616f8f7f94961

SHA512
83bf6ea8ff8d5afbf1a78012d8e4b8c6af8c828fd2b1855cb37cb6ea6826f2ac3931ff977b586907efbb0978a94eb1fe351b5edf869829db9ccf07300c0b4c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
feacbd61dee7a79e1fde635d5f50f7ca

SHA1
9ac7d83bb4221031e1dbfc3a3c767e841d246345

SHA256
c96c140cc234c3564e7484e177193be7b27509a0896950ce912c4edd0b2eaa5d

SHA512
17e8ca8c5b9e150dbbbaac4357e98b8b3e201f6be7e7efbc988d44b10ac75682a982c0cf1b3280e8be1a79106e0fb54f4da6bfdf7ae4e6314fe850fac21ef3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b90fe5b1b4e70c1e0bc4796a0d7dd29

SHA1
fa96eb81f14af0152da4343c1b93fdc4a4fda056

SHA256
b09a26ab2985b1e7aeaaa9c3f28488f582ac5b7b73bb9f6fffdf773cf0a3abd3

SHA512
500b318570da15ef5a9359ba850b18b444590a2528c3ac75e55dcb99f917d7ae3ea64a7f174c148a526596dbf9e1d74d0f121eaef299ac92cd1c643759b8e3f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf35732f7eed86e2d523b21de3229682

SHA1
8cbed22c81dc7bb06cddd7b24bcee98cae269fdd

SHA256
6abbe80dcfd73badbda3fb3215e84664bd785a02992c861c111c9c3f13853324

SHA512
6e15650422e4a9c28655debd042c52e80d24124d0914880c4d41080ab1bdf61bc621f36f1c39fdeca2c04b720335f090534d902fee27c58f1d1e0727e0f4fbbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2382125f2e5373cfe0edc6a0265c46b

SHA1
d5b4b385af9e9abb1655ef1085c792ecd3cdf0f3

SHA256
c382a387740e953aef43e57c5f068f4d578f25c0a7eafd3522f0da70c8f04dc9

SHA512
cab78a997e5c49112e153a4e62d61bf8901ca5d9fad8c209762bc5acce5ff88a85ef33b4bfa5933bc977ce6da97090caa1983ef53f90b26b46097ca2e1ed9e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c966d1e9cbb2993da246cda52d93721c

SHA1
29c8f17be27d06872f8948476739a555ca1d9dfa

SHA256
8fab4ae85800d82ad2e50b0d397ed85be8ee89e862d1597eda572ba9fbfa453b

SHA512
1c04d67c9102cda52717aaff4580d87dae84d32426ade2a857f6e4044460f57fc01a11053ed99fdb99385b659eba057b2ea7457eb281fce3248b4b480f0d95b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0eb9462091e99feb8ec551c7890e156e

SHA1
4e8711d10305117461e5e1fc480f4e5283728ef0

SHA256
fc5e68835bae26eb2f72853a9258520a7934655b2cd6b2683f510cc02cd1eda3

SHA512
f2ca59f8a612c03ecbaeda680a82b0d153c102a718bb80c445d6e78e655e4a7a56f2320b3560b33b58d972c2de85c85b878b6d8b808fe2d38e0d906ad10472e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d8c2673134f980e5d350234c2351cdc3

SHA1
b51d409d3e047508088f2989c71af1e955a4394e

SHA256
31d37636ae119d49bf77f3d40ab17d7bcd363be4e72b6e852af8b6d6730fbd96

SHA512
5605848e7a4a1d16dec4bc15aae6b20ac886f6a71b136a2477e5cf0e128c81e7f8e82d156ebc23e9064de0d180813ca22019bd02021d1422cf80ad85be88e1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586d0d.TMP

Filesize
873B

MD5
ddac8ee691d0f05ec8785800de412d9f

SHA1
e7270be6983e68833974cc8f11c3331123f3ee82

SHA256
cd31491fbaec8467cc96ee2ac2f102f1ce0802aa2cf4908edb0e0b84edeca8d5

SHA512
b17c98370ce468323e5aca53b0d49f835d190ae1615830d9ecbe1c73aa3e24b89833713786b877057ce746489545fa615b18f3d0fe93c0d25b2dc147fce348d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eab41bb96fc30e043f7d5c23b325e3a2

SHA1
cfb9240167761b09dda800bce9697d42e2077db6

SHA256
911fcb9a018ff066f68bbdb5ffef7ebe81e3f3ab9438f3d50e4abe6d417bcd6d

SHA512
702e6a4826f235ba3cbfb0f5b127d5b89729da69b8f552f5cd04d0108bb58a9d4274e4e2d0d2a21ac6d65f909b9f1d2c07077d8c96e925478d5d07205c5713c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
612ea4f94fc79530e28bc76444c6db5a

SHA1
e4c393342e88407eaa7894c1eac4ef88fc3bdce7

SHA256
f755d9816f7d31c42c6c1c1c750bf34de2cac3c649217aeb1739d373382e5ff3

SHA512
4c90a2c2e894915417878c71a80a5bb03b5d3df837edbf0adf202cd992ea2b38e88a2998f168544c5171968eafc2658c4b8114e63835792d64c87387796ddfb2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
fbe45c33660a327fb6bd5c9b3ac5b932

SHA1
418ce255e0c9a082c59ae2abe3ebd470bf046a09

SHA256
f5059b91323e56877d46c492e6c6460eda177c522daf75a732f657454a705a59

SHA512
221b2649090e254b43d3bc5fb8759988359073a23acc0dce88790eec5abe707f6465ccf4d1d19f98aefadb2de56a4a7b8cb8083be444fd01e546e6647f0075c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
21d252e0f12c9cef03b530b155f1cba4

SHA1
c7605d383b040fcff9777486102d37fa47001992

SHA256
b0bb05da8783ce1f2a03c82116c261f6f6415787e7d3aadcee1f62dc46fb75ca

SHA512
aa3fa4b952957e71db6bfd92991fd8e041b3b3d065d6a8e18e7e4f1112f0cda904f509abfd8aa350b2f6bac05634e4012afd716a62766cef21ca07c280b9017d

Download Submit
C:\Users\Admin\Downloads\18-and-abused.htm:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\download (1).htm:Zone.Identifier

Filesize
202B

MD5
ae293963461e35302db5200833b5df08

SHA1
e3819c43c95ef1cee3cd2c2da1227eae419094d4

SHA256
4532398335d52d0bbbd58fa5a4a06ebf821bb76a40055d1182b15768d2e0df0d

SHA512
af320d816fd7ce00c8d7d4e7106d7a4f37ef5eda83d227f108a1ff5f825178656f2e060ddd58fdae9acc799cdde09986787dad9996457ccf3d0488ca3713b7a2

Download Submit
C:\Users\Admin\Downloads\download.htm:Zone.Identifier

Filesize
187B

MD5
1ed7213b5a7627a2a4fd7e7332181482

SHA1
4d83f066053f89d03ebcad61a3d7ec986711ab14

SHA256
a1d680468fb68aaf18f4944062c0cbad6986606cc1135329d5714c807871bf85

SHA512
3fa56d7f81cf9c8ca18a5bd8136e42034d26bd7cbfd95714e6c3aa8cfdb1e79a499f4f2afe9ad05422e12306d2051a4b72a768cd0b601d5e5e3eae6bf111a559

Download Submit