hxxps://816b462f[.]5880c482d0a3061180a519e9[.]workers[.]dev/?qrc=abc@test[.]com

Resubmissions

18/10/2024, 08:45

241018-knxmvazgjp 8

18/10/2024, 08:37

18/10/2024, 08:36

18/10/2024, 07:54

18/10/2024, 07:44

Analysis

max time kernel
388s
max time network
385s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18/10/2024, 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://816b462f.5880c482d0a3061180a519e9.workers.dev/[email protected]

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5208	msedge.exe
5208	msedge.exe
916	msedge.exe
916	msedge.exe
1388	msedge.exe
1388	msedge.exe
2288	identity_helper.exe
2288	identity_helper.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 2044	916	msedge.exe	77
PID 916 wrote to memory of 2044	916	msedge.exe	77
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5644	916	msedge.exe	78
PID 916 wrote to memory of 5208	916	msedge.exe	79
PID 916 wrote to memory of 5208	916	msedge.exe	79
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80
PID 916 wrote to memory of 2928	916	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://816b462f.5880c482d0a3061180a519e9.workers.dev/[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf6b93cb8,0x7ffaf6b93cc8,0x7ffaf6b93cd8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6540 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044952347846103689,3404049263097645245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:1196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
19KB

MD5
f0de9a98dbdfa8c02742ce6d92fb2524

SHA1
cdec682aeb9e39edccc2374dab26f04db754a8b5

SHA256
faf4294f27a542b0f9ea2a7cb2711529ab027cd84a5f5badfae752100855e6be

SHA512
856fc9ab199997e69a9487372bc0083564f7115b3e0678cf1d542b9864e9a88d5ffb85697fd93538dc9439071e3bcd4b8bccbfc610e1a45de104d6362d8adcd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
175KB

MD5
7107c752f3901d95bdc4e9d46ac2b6d8

SHA1
747a0d933dc2ef38a98fa11a44ba661ec6a5eae3

SHA256
c4a5ecaf090da5f8115afcf0d4b723810054ecf3de31acc5ea6d48f9eb2d4111

SHA512
71d4ff3fa6c9a902b299302109d034d4610ac8a31ace170f09a3f66bd0d1259c41361fc29f2205fec6eb49995ffc73563399a6ccc536b8412bf1064485caabd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
159KB

MD5
78450fe21afa3391dc4dc62d5f1e09f2

SHA1
8aed39e81b26f10dd32c5b131eb7493d6d41b06a

SHA256
4903f015531ad7a745aa8c5155780c51adba6e0f671607c3fa1447795f33b794

SHA512
46db3beebdbfc0ae2b4e6d8f015e0f122851cf57662d5f445e2c4cd4f7ca2097690a610247e08f789685411d75b018cc35bc0a679b4dcf9e68c9fa164f347256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
165KB

MD5
34049e45a502035c1ee78f0b0967588e

SHA1
dd604c54963f4ae0cb4cc1c6890b66822a6d7b82

SHA256
a84c114bbb185448de945b27fca0b6ee207f4801505e3046f35db050f4720eaf

SHA512
07b046af74583dc5ccb2dd1a636042b36dd4ee50aa6e7a3871cc26bec7aee823dcb2ef8bae3f465a374b04ae92b8cfb90f41ad3a76a0d2db1b6ca764d8eb204c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
142KB

MD5
d1e0216a2cc3db1dd95ad3230a39a0ca

SHA1
a629d848286dcdb6876631bdd3bfd7dc6e05422d

SHA256
b41f67ebf201d922b8668a628078e11dbece1fdf875d1df93495c3ba3cd31372

SHA512
50f8b14adf524175f2867c7e198c71f78a5b9a1c2447229a418c382519299820ea1f0dc77af121c58ea116e2cfb4163b62c961cdb7091fcc4e9691d6135f3883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
43KB

MD5
820f40594a0e8d5f9d58546208aa9060

SHA1
e17ed5116a34c432013a244c979ac9da53829d74

SHA256
f8f708049e1e1609af3959cd21eaf313c8192d3e962887a7a2e1f9b353d3fc80

SHA512
95879b255a90ccdc41c8696bf7aa05796db56528fc4be78f2d13eb2233740ac8cf0f92bdeaa169ebc5c745f3e76ee9fc67d2626160b9e01c5f5a19b8cbea605f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
672KB

MD5
3e89ae909c6a8d8c56396830471f3373

SHA1
2632f95a5be7e4c589402bf76e800a8151cd036b

SHA256
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

SHA512
e7dbe4e95d58f48a0c8e3ed1f489dcf8fbf39c3db27889813b43ee95454deca2816ac1e195e61a844cc9351e04f97afa271b37cab3fc522809ce2be85cc1b8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
f37f6fc28fd0e62761fe922a5873b72f

SHA1
7fbe71c5f60202d40772777f64f0e80414d07b93

SHA256
265b0b38fe4fa50fbcc23da916a8ac925d515b65b5c59ff6ee90f1fa302d8112

SHA512
468522790f7d0b5fa1b5bbcfe411b79eaf25bca7f118ed8b4686db89b189e6a69490762caca55eeebdc6fff3ee4373265958003ee40b35077de93a4046775a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
64825a27e9bb11c29e374d82790f923a

SHA1
fa6bcf3d6bc238441f9c84cb387f309848b82033

SHA256
cda99674c28ea36717f09f9b6e10a2e6e73b92d04fa94a77ff3956cd4e8f203b

SHA512
86fc22e0286faf6d07e62bb5f79fe3e77915ede5c3e8f69d9c4cdb9c82519fcf7fd8b0590053bbdf084f2510f207a25861b03ed4ea307cd272f2bc4ab6ec7ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
859c79fe4123c1bffdbbdfdbcde81a16

SHA1
20851474bb2fd0e14992aa0638a995d10357b483

SHA256
cff8e2bf93fb17c777e2a12eb35a7b8b92966790fd484975d8b3103eefb08d9d

SHA512
7fae3f7f35e6494519ef73cebdb310917a9dc93ebc3212a5a51797a590c3f0041add7e1fae794e83eafab780953d5ca24096752052742ced787f511f1565bf7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
296B

MD5
0d0932996e14604f2bf56eaafc718dc4

SHA1
08f106474fa0c9490ee925c0e10ab8b69bcb08d8

SHA256
b13a229e246f41546cc14ecdeffd4300fd53488f2f73e0954d601a61a0aa1994

SHA512
801fd3e1d8e11deaacd5d8530a9412f9c80ee7b663ffbc9b0f9ec9c471e5981aa373f6046a3144cf094e53021d487e543a93538b8afb27c1d6663d603c433059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
967B

MD5
8383170670db42cf905889cc61b29a04

SHA1
fa090d222056132fbc8596646dab66913413d76d

SHA256
1a29faf76b8b52305f65931cee48da6ea25d523bc8648152dbe31a19f8372465

SHA512
27d174210464eda88b1b4c2d7d055a1b8a58194ad55bd57ece32645ea0e4c8c7be798674ff56891d5cb61f0405037da8547f1bb7bd697616cb2c5ec968d1ad86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
11f584a441ccc7b95b39584912e99329

SHA1
6d734cb4f3d54dfcdc1149db4ed242f2f5897fbb

SHA256
e5429995a228fd66e4a6fc76e73f7f3b8cefffa9adf369efe50b79450eb76c1a

SHA512
cf15cedfbccda1dab54a78c827aec9bc50fc090b2ab61f6455869a7e3b3a4026fd840ce82b086335f29abc1b78eae162d6433110925bc9c360547960cc8c70fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd09d1650c35a50dfada6f28043fbb49

SHA1
7e115b232b450b2cfd865544c578850d8d78a74c

SHA256
0775c35cc069bf6a46b7cbf50742be5834c1d54c3ba8824112dd1928654a0f7a

SHA512
d4e3d42cec9e0f2108d1764a2286aa3acd6e33473e52fe3da396e8fd3965230b21530594b7dd174fcbe37caeb086f3b72c1bb7c815d5bba38fc610bc75f33fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fcc734043e589365aeab3bb9f4dc7dbc

SHA1
e43d148fdad85879e4d6e1297772ab5f8a81b10c

SHA256
55e07e7b6fd3ab099aa7e8868b47f646da239f94a55cba8f902a5737142c0a95

SHA512
cf4084bc6c0cb3e9494a99d8944400fbd8d675310e38938aed909b9d22e437227ce05b2ea354ba3ca82dc191014f519710bb00d334d9eadce4034978efae6092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f2e8162f771221a85b9f0b5dd4aa9820

SHA1
626e747f3e0419c2b4ba9a4acde45ae093d80e2e

SHA256
e3b7c56458be59df7abb2003cc193fc1c18e0601261903159146626d0a73107c

SHA512
310e10795b49891fbc21a686037a9756d0052132764360c50d79649c2ff9452e518c1e36cf5a618e62f0160449004c8a304286e98f0051126351f88f06cb4a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
473e39e18bace2d32f9c690fc7b85b6b

SHA1
52e44b5cad98d4f7e9f21b8b2c75194b3e9343bf

SHA256
0d44c665ff5b5c55e73d000982cc6ebb487ab2abc41240f3b6432ff20e1ccc80

SHA512
d42e7c5a74b426befe2afe1008fb3d4044ab218cbbef837271fc562d859574a2b9a9e64fd846446be985e479cd86c41c39302277add13b7d52f29769711e062e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b97625156a2e4ee01b015a239b412724

SHA1
fbc6594d3f14cf37c1a98756bd7dcfef7f091d02

SHA256
d5612e6abec8fadeeeb6d98ecb4ae17f342b651f76d10299b593a26be1a91ef4

SHA512
2126fd4bdea4072dfb346ddb5c0d737a0deb766b1cc1e86d56ea67cd4ee0da2aca158526e7dfa3366bc16ad0bf4c135de2bd25a4078d052b9e868a2b21d29471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
86ba310d127723dc4ee711d1f3168ba1

SHA1
a76aed3b2828f6e71739f34f28854627191e7259

SHA256
b4c9c1d6c0083399eaf33c79b2b8abde8f2183547fd60cefaef6baca447341c0

SHA512
fe8aac2d97d27f351d4d5ef608c7024d98a03ce527f47721faaaf67e1b271c039319ee8dd1d542963a62ff931cd00531faaf5b7558df913620591ba30a69c247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4ff8d2d1baf952a9782103538160bb29

SHA1
79088ac99ddd43cb9c24e155979ab5181758188a

SHA256
fc724c46f814d261fc2f589931086affd849bfedb010df157a8b988b38935eb4

SHA512
f784109b29f1a280f86a17f423a426be13e129df25d57ed18470aa428566cc2543da5a7a8cc20a1d8650f355134a12477f8825334d0f8982744732ff52db5d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9b739820d3d2460a09f5531c85408166

SHA1
451ad161bffe22e503cdb448f5a9fafcc19522dd

SHA256
217c7c03c4ed9877f7580fb7ca14676d164b3deb72dd550e6e9244ac9873f6ce

SHA512
b98a054f129665606f163d30b7cfd4999d1e74227068cedbe304d32bd9d6bf2bca1c02dd4a11fddf1b0b76b47cc998a24c939c8ae05eaea1919490872280c6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6b7e1a561c6430aeefa00fb7e35c9193

SHA1
635f2346ce0fab2ef74a80c9725e512c0bb57e75

SHA256
6c6f5a7bd7bd27c9b6933ca64d7fb51a8b62828e2a8fb12bb341b6a54c7d0a58

SHA512
4a5b0d52f74bc7b5474a4104fdd14ce0d9b43d9c343d914eb1f6eb6da3f4acb980eaf27dcac8a957e6b16a3e196cfc05d81c8806dbed6b57d4ad9774b5bc4218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
80914983771a2091d66f971eb85850a4

SHA1
24a8e849c3c409e700511aa95a8d717cb9c1f154

SHA256
1898f04df3783e418d5c120d3d3462a67c2c95071a162d43e683fa7102d9d6bd

SHA512
6f419330cef0c425c67a2343af8adf102cd314e92ec8d54ec2863d9498dce958fd890d7525c10daee32592e72085ff3c4188ec878db7e68f9f26a589dfab7d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f14a0c037cde45fc29e5948f3265a921

SHA1
802b25aacc0e4ec014e139110d962145268e0fed

SHA256
efe16f170179e98388f49a55564263248bf506088c5671223ef61b0fca78072e

SHA512
459c095b1420b79ade17290a3cd6a5078823af4d133858e9e575fc58a62508f6a94b644fd25b1e068d64d1836618e9c054d8a165f047e49a1976b81cc5826395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b097099dfae9958813058340f5afe1ea

SHA1
aa952cc50e0b34a25d4d12e873df4047ed39ef1a

SHA256
6cc8dc3012a1b757ea26c560be027513098e94fe057770b7d92128b1d3245724

SHA512
e12592e3fb0b266fe4e0db141f9e95937a943a19f0c61415cd32066d33a72121adf99caa6752581e454387e7de4b1f9ae5a5ac327aff64ded71ba4bf9c3ec151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
35ef41eca906ad4567705d548604ccc2

SHA1
73958d4b4ea58550532cea416cdc6de7bae29821

SHA256
b04a6d82778263dae6199df3a379fb80cbcae754074a6419df7b7cc0f753ca4b

SHA512
c1882afcce923b5e1dfe046bb9050dfa8214cec9d6073c7e4a1928b92a7a508837f0294f9d49df15ea32d023e2115d92d3712868652ea36edefa279728b1e34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
bc9db8d42b357f211cdaf659eb5c84c1

SHA1
01fea759b3a6aeba7d651981cc61d908caca39a4

SHA256
ff74615a54dc78616fb1e6d0a2bbbbb2cda073d7b879fa5179a62150709cc3ca

SHA512
5c2f0d8653ccd25f47e1d4ca6421741fd9f7f8f25efc8dbea92672b796814aea802ee0d8c409bb12747d5cfd1ecad403c5774af10525a0342c149d544f998bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
4c6dec8ba066e3d504576f0aa693c263

SHA1
666a5c6ac1a78084e4720ff95f045d94cf3dfe2b

SHA256
2d1bffe2ef42db400f1551c0f9b6153b31fe409bb9ab5a0cc3d670a6593566fa

SHA512
5d1258faa2571adf822c8583e5ce04ed28c1622e534b05c69aba237a437af4d5bf917d7bff3f4baad36a2cfab6c63260cea387b976433a1cd300cf3f3a128f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
ce5f633b95ad974e6b8823887d16c8d9

SHA1
2889955e8dc73c9845ec1ed4ca71a5a7b15af711

SHA256
6f59dcf68dcfad500c6325441b497bdb20ff6759ced00adf4fb2900a031f6cb1

SHA512
8e2c65107a125d671c3d0f82000fbeabefc08901eb6ef2092d9e3115c454c212558b13497a073cc9c16ea5bf929c7a0465583ac59e7a8f1d8225fb85ac548ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
a38e0e58ff08f9d8af06f135a89654df

SHA1
42b950443bf8dc98bccc6ceaa9b16e33567e74d4

SHA256
7a51ddd344612f683ca0317e2d983db8106a99d52994b9313cc000fe07253ad2

SHA512
c1d61114184b33746c0849e1c64fdd75d05ec3d6fc75e6548b27b9ae00c5d249afa6f59305fc300192b1f555c8849129208001e220551cf1c591fb635099d053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
c0f1bbe1924e3a7a9ee03fa87d263603

SHA1
96d9f4e5002586587300c360c45486ad9ae36918

SHA256
f28dc369cde6621511a8562ee63c9c700a0075a85ac4af5f1754f73761ecec5d

SHA512
f68af30b5bde1ba6753e401dc7451830fff81a4246230f729e57ff264b5b1c12541a597e06a81d8ac43f7f37f774363b76a6a6536c882a7dfe6ff857cf753985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e229.TMP

Filesize
701B

MD5
905d132a1dc88444c4dee513c8b25951

SHA1
690c4d9830b1ade0c836faf5e63fa67ca06d81b0

SHA256
7f436d865f676bbb74897467ba527cfbdff9a5fa117a6340e66d03da3a3b961f

SHA512
2441af2fd29325f7d35196a59f12e9aa2e8040c12fb2811dcd290de711295136d230d3e19d879947c31c0390f67be779b298d2c092d4640971daf51582e16308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
789b8f74fb4d46d90f9cb5dc7de2011c

SHA1
812d4858b69480543f6e690296810240c89782fb

SHA256
6376d0e987b2f5e9ce2e8aed388605f7c61cac44dbd87dfeb46ec6e282bcf600

SHA512
94d1ef8a9d4cb7723db2d7c04188062e372fdbc11498187fd2e5201a14ac8a73b4fc0621529a1b7e74b0be64feb60200fcbf2c32f1cfae77a8c2ed6e91d445ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b394f538c10beb1f968fb403a6d830d3

SHA1
3cca385b991e0ec0562e959149eda9cb61f90050

SHA256
0dc40f195d5472494d4cae59aad3a7f69bdbec9228db537a16fb25aa697a5021

SHA512
544c86eca5e5a23dc55b8301fc24d5b038cf90b027fc0145d5fe4da04bbe52dd4e8a45ae249f60556e9ed2510807410a72e3734f43bdce570abeb21adfae906b

Download Submit
C:\Users\Admin\AppData\Local\Temp\38d79afa-b314-4af7-ad61-1c2075cb5bcc.tmp

Filesize
68KB

MD5
03bb84515ec158a28eab91802359abbd

SHA1
bb960d35ea754455709b654a1648a53a3451db79

SHA256
67ef46034f1678932358361d745b1744247dcd9e64b3aba3f7864ef1f39d0e96

SHA512
e40f8632a25835211b455f3bb1c19f9d3e306ce576e20e70bf355a19c7663527b1154d939ad0c1437ccd5e0e613bf748612cb17ba1ddadda08f73762bbfb4526

Download Submit
C:\Users\Admin\AppData\Local\Temp\8142c5db-3e49-4ad2-b0c1-770ff061b5b3.tmp

Filesize
834KB

MD5
02139a4c2729b7106adc2eedb8dd7979

SHA1
d02da33412cf4889bc964dbdea36242988d38d85

SHA256
1245be26cf494e42c025a8b9bcad7ac98cd750b2a52862b3538790d4cf06c3a3

SHA512
87cd59f1dec90897edd216163e678584a376dbe8285bd8e1954515ff65cdf03c00b1a9359c6c4fbe8ef8c411f76b25a89310fb8830301db21344d67eae6ef619

Download Submit
C:\Users\Admin\AppData\Local\Temp\d6b9d19e-e568-4576-be54-30b2864b5895.tmp

Filesize
1.2MB

MD5
aa9e78912faa37c59cbb386b1ca0b104

SHA1
0db2cb33acd9f33d062cc9807a7a63aeff4cfbd6

SHA256
cc8612e85740e38d2ee6e1612d0ce2bcf12004a85b7d3c82ae863da45c362b2b

SHA512
6fcaac5a054b506d585465a1ed15a683190935fb9ac3c66f037b4343ab005b50c80d51f4f1248641db5b6068dd7eb99ea57c6749658b405f9af0b1b5844fd474

Download Submit