hxxp://steam[.]com

Resubmissions

21-10-2024 11:52

241021-n1qa3ssfpb 5

21-10-2024 11:50

241021-nzkdfasfla 5

Analysis

max time kernel
958s
max time network
960s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-10-2024 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steam.com

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1360	msedge.exe
1360	msedge.exe
3580	msedge.exe
3580	msedge.exe
2440	msedge.exe
2440	msedge.exe
1136	identity_helper.exe
1136	identity_helper.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

Processes:

msedge.exe

pid	process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3580 wrote to memory of 1608	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 1608	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3428	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 1360	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 1360	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe
PID 3580 wrote to memory of 3320	3580	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://steam.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffefa833cb8,0x7ffefa833cc8,0x7ffefa833cd8
2⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
2⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
2⤵
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
2⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
2⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
2⤵
PID:472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
2⤵
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
2⤵
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
2⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
2⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
2⤵
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
2⤵
PID:2764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
2⤵
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
2⤵
PID:424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
2⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
2⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4620 /prefetch:8
2⤵
PID:1884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5584 /prefetch:8
2⤵
PID:2956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5372 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵
PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
2⤵
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
2⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
2⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
2⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
2⤵
PID:1396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
2⤵
PID:564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
2⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
2⤵
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
2⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
2⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:2668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
2⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8916666785145393982,14566013440983894526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004EC
1⤵
PID:4380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
39KB

MD5
27f3bb5b4983c0a589ffe4e1a75003c2

SHA1
91eb07d73395bc132fcd94b7d4c2d49bbeea3deb

SHA256
37ee2d7f371557131a9f050d5911eec127388af125517fd9e21075895ce0b3c2

SHA512
008d943ced81bf0ba5bf427adcdec3b96440abf7c4bbe8a60ae0e62d68ffcfa9a6e9c9d2f644b3b17bef6eaa518e469cb98b274ae9265b774adb201d0dbf46da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
61KB

MD5
94c6b4e859db7f6b1d057f291941ed12

SHA1
4feca5cdc86773ea845a8d210479588a6e520866

SHA256
47d0aaccd7155982ef47233af9b0be62c9bb9f2fc2d73815a45b02d05c9b7a90

SHA512
51bbb537cda51c84af76441b1ce740bdbc02c974b08c7f100018acb968a6e0c73a1623ed7b88b601fbe8f5421c11246a76f10620f79a06ddc603cbb5e00de1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
53KB

MD5
16f345955c37aa91961e9b1821004ee3

SHA1
445aec36c7cd17310643512f6e0326ec0e9aa315

SHA256
e352f85e62a191b17f1b126b42dd9bbad3fd46acba64bcb35910db5083e063e5

SHA512
3c87ba5f77482a43698d95e6da642f80f125ac9db47bb080ef7679a6259020b49f5f1843da52da5f311af5ad59a9806ae1f75536f971b3109dff9bf3d924d06a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010a

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010b

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010c

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010d

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000135

Filesize
29KB

MD5
dfb2514718e916dacbc7c0790a7d8e0e

SHA1
fb2146c2e76c4148154318e4e9c0844700c593d5

SHA256
43bbe2459f21ddf29614692c094bc8d505bb6c64ce9f79b8486858cab97c1528

SHA512
0e7134f575eef62b6cd4a4600a720981b2a5cbff383971dab6f12dbc52cf021d4eb491130791383510cd75f3ad2aada74c109260306145fdf1127e1ee6111126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013a

Filesize
33KB

MD5
f7b3b2c852b524e02bbf75c2ad18f4bb

SHA1
c8e569a9f9d5b238f50ce78dc42d09b00dd1622f

SHA256
ad7d637efd18e6e9a71001d06ad6331f6721561d39c01296c1b2bbe903a872d8

SHA512
5db12eaf900280851f46466452b3d9a0195f370294cf5a75a4a6a4242444814ce0f8d3cbb21742989cd34d0a21b7b4ddd8e588ecfa5636da0d273e7b4b664bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014d

Filesize
121KB

MD5
4598092f245beade3a895172c92cb368

SHA1
3cefed450017000cca3316f033f01f4fc64f7b8a

SHA256
9f984c98945227beca70087115a981506fb03dd1c991ba15a5a8699d41582843

SHA512
8540d0b0547048b20850b4675a25a6a359ab5bf7fe57351d7c4116b5182ff3221a3101bc996048ff5ddaf2264f61a3abd4f605af78002cdb3f6c6bc2272ff1f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014f

Filesize
28KB

MD5
20590808a9a15073cca77a1742c236e2

SHA1
403fb9bb15f81b3faaee0eaaa66d608e324903d3

SHA256
045fe954cb94c0d910c923b93695de6826f6560622a66a4f9d66e161d662b0c0

SHA512
a14db1365afc449044815a50ceb0d2eadbf8e0fdd8b98812c262220096f96f62871cf086251e78a11d16929db69fbc5644a8879da7eb0d51749bb349e61c3ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000150

Filesize
88KB

MD5
1243e13f1bdcc2a8d5a1b48420325057

SHA1
feb85705bd4d755450738af61bc1458252416531

SHA256
b1b11c40f2b1c7820376befbbc25dd8b550e5082cfc98392aaa093be25b6096c

SHA512
8f285e0d3ccb5e0267bc42f607fdef4f136073c4c3272cebad29f1741385edcd61d5854046c9d3d6ef56d75fe29bf7d0976fcd87a1eb71f95d4a3a1a40d8cb7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000151

Filesize
111KB

MD5
dfa194693f80d2ca2ec1c19b47c1d000

SHA1
9e9eb84b4953905b2a32f39f4c8ee03671ba59df

SHA256
3d684f2eb7b26bc4ff4f1c1f49fcc950aa9edacce94be8f730b1e1de72a684d7

SHA512
f55adf785fcfddd50d3fb2e860c7af98e6a11490de407183dfe1d180398518359f66ee1249ab39154faf0fe11b649ba4d883a240d951e7dc8bb620bbd63225a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000152

Filesize
26KB

MD5
bdbca6cd39a21b94af5e37a7d95cd7b1

SHA1
3bbd7a9c40294b9f26a7fda297a07cf68f4274a8

SHA256
fa016fd584f843b1373b82746add6f4ecc0bd88711e9e85546dd9270e77cac50

SHA512
930121da974124d737bfd6971014a2127dd1e5c383eeb643d7eabc822c867068c261f7d978a2c86f2237a98053ae3dd26a00624d8f0233ed04b4d2c0f8ead102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000153

Filesize
226KB

MD5
40283cfc473afbe1d4abba7e6c809885

SHA1
8a32cb88d9f537b02582df17a5bb11c2087937f6

SHA256
48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a

SHA512
dabd9fd4cc3fb4ff3ebc2c3529e602e91939ddb1f42c2d7e70188dfc3262548922ea45c96691d567f2c777d393b5ce7162b5bd4c2054b33a03856bbea1c1a0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000158

Filesize
215KB

MD5
0e3d96124ecfd1e2818dfd4d5f21352a

SHA1
098b1aa4b26d3c77d24dc2ffd335d2f3a7aeb5d7

SHA256
eef545efdb498b725fbabeedd5b80cec3c60357df9bc2943cfd7c8d5ae061dcc

SHA512
c02d65d901e26d0ed28600fa739f1aa42184e00b4e9919f1e4e9623fe9d07a2e2c35b0215d4f101afc1e32fc101a200ca4244eb1d9ca846065d387144451331c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
1bcf1e72497ed9a4ac1902a8587fe875

SHA1
8156f590c6908a1b297658c81d31fc87fccef3f3

SHA256
1a58cba221a8df5a4a66bf799c34281d6c6e28f1518173894ec0f8cd0d467677

SHA512
3d30724d6e2c1d1c5fe4172f162eac09707ae008a1d66a196be5c0d8b4ba585abf2e861dea776d127ce814b218f2af010b0d294164b729970b74a54c5f1e49fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c68890ca21129031b22bf98a366208a7

SHA1
53380be091743b689f3429d9e759fb0692992bba

SHA256
925b7c5f31e4868d1cd75f689b223a8cad8b98838c76dedbbad14a2ff20caecf

SHA512
44676ab7095b82f23e7ab270803259c233302af9e4519b28baf941e469e269d65df08011ba7b9c232dc50cdf6ad429e8283ae09d428e8737b90d54f26f8d9895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3ba328c356540ead8df2b103b668311c

SHA1
e7c4396fb7ca5fbf39b9b8a0c55a7259e75cf933

SHA256
cc7f82e850b036952789f95d0bbb5c69aeef9aab16b9495b64cffeb114a20526

SHA512
f82ac5ceec14a1095be73ae8391be6c521f654c9ed8cf0c1a78f5e632f62980e8902b471a0eb2ddd726abfa919be86e4edc841ab925beac10eef479c29c5ed10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4dbd15a843ccc499c3e5260ccfed5251

SHA1
aaae5765b6eda11f96bdde750d6f3f3284331b5d

SHA256
94300ee05a3c2c2b388de8639e151acdcf6f9ecb7b38ceca04daa0317648d7d5

SHA512
d865ad992399f48c776251099e7ebc8cfbd23dfb2f7aa405e695405dd2a5b35b7bcd05b22352f305feccb6e6fc6520fcef6d48771b13c7be83fa87c3e1f835e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3084520d45d95a0c8ced8bc5b24fcc50

SHA1
68274509653d18f2b01b974334db8a70e4797929

SHA256
12f70defcf37d50a0ada309fb79108aec7614f99a1722dc8d9c4f0e072220fac

SHA512
02d5b993c175e73ce058e1a4e382daa35cdd9d3898395f693a344d405afec15b43b80fc75eb4ec10509e37cddf33283f79bf430981c429041c2cd5efa32494ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
814dbcedaa2409ac49cf79aa4baa824b

SHA1
3cfedcf0d3c302d8edd3cb93287b4f2bb87559ff

SHA256
c3b6f9ef57effaa3cd0defebce12d951a50c54da2adedec25db8e260dffd941a

SHA512
09fc37d275057adf4fc86adff33819a0bd1e6bdc705fa8e328b71336e747e35ef274c6314e1e81083fb92aaf158115071ca5b6820d2a67d0e2f75c9bceacd140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8367d90eb2d2e52d07fe04e60661b6c8

SHA1
11c33dc191f0b2da1cb0d076c2ac1889a30f5405

SHA256
4308dd68daf41df4c7baaca8693348380e7e615dcc767dda321eabfa8579b1d5

SHA512
1e7fa651d9d3692c6c1e3854ff5e25e0b8094ac7016c0035daea6c11bba73aeecfe721a478b2be9ef9e392b6c4a0aa3e9d33b9f6f546da1f64bc4fb6833ebee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
48d5e3d71c99da23d95035109caefb74

SHA1
e9f90f405a291f5896eea8deb4892067c53f875d

SHA256
74330072fc5406760ac11cd89b9ad69a515153caa90c10f6701e31fcfb70e544

SHA512
d8700de6926fb4f616682f6a42be9460f99f1b6091ebfb7102e5b91f41b1675e945232ec6d8c183457be110201f89c4105191490790c4bfc0e62aa0553a1fe92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e28387dcea501b83c2b052a11f74d359

SHA1
c29965b80cb223dfacda40b45c238665b2a4c311

SHA256
cdb05bda2f39d54c99def8d529cc8e47306af1f4bcede7bf7fd7e901138d8c2f

SHA512
6bb578cffc1eb21323b6ce4ccb7c979356c04425ac2b06e7801bf64f3082d7e5729aae93a6358cf2855f1cafded7486e840ae121f8d997719107dc2f408dc055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
b65cac3a56057e4706bd21b5b655413d

SHA1
973d7ba936ebf32eb05b49a95d478b24c5413664

SHA256
5e0690659384a9ea8f0a66c86c411de2505e501172fd08616b777436a1c8956b

SHA512
c1fafbebe54cf6c33b759e2cfea7556975ce845192553edbbcb8626a9951cb11732bf7537b48b6995068afa885a5d1236c93385ef1a11629662366ee0aa3eceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0959002529c81c8b33d4dda3795829e8

SHA1
c88be0d244da3397d1f31612086be0c4a113d2ca

SHA256
df4b098a127f2f886af9956d6c9392ef007680547507aafb00c5779c5bda0284

SHA512
8ed0c9dbeb4741e1a49504b5eb53d4b3f0ad6a9649924d1fc9d4b2bf15254d7c6cf4f09e5d20db67cb9a4ff9a54b55332d78a23bb8c5e03737497bc17554c297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
349fa666f16c2aea97870f309232e955

SHA1
629b99ac3549d50660bc94972ce572fe6c39f676

SHA256
f313867be93354d7f7b99acbbd033d421fa2314e693b06564fd2607d42a32459

SHA512
a18fbd065d388b3e7e7c623a2a25f4f08ba1332e277152b11a231d291920386294d900970c6d4a78623c97e149495c6b3e192f04bddb22cacd316e5717df27b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d968a9a72ff0e75e4ad65f158d3b6902

SHA1
3140dfd0a2af17fe283da06a3eab9749e9b50120

SHA256
a062a6057502f3a2dd7a4febdf14015728ca6a3c3afadd593b3d00537ebb031d

SHA512
aa8b561290ccbbe8475aae2ef01844b5b20b43f959b9703e7d8b817606988dce8358ffa1104ed6170f01f6b4325fb1332e81911bc9ce314878ade41e2b296eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e8b6e8012ce74cdac3af586980c7f40a

SHA1
1601bfc161bc568f23f637198ae3d47dd09a4fe6

SHA256
aec973f312168e449565349915213b498432387aea59054113e11d7504eeb5e4

SHA512
1daff4a318796ccd990f0162a8262d30105bf1b00735e176a687b825341380a80ffcf0f4d98ac3ffe93bd36b48f7426ee705f8c436999473687d654f3443a154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
80818049aee757015b2becac94c2985a

SHA1
5426764d4f3682dc5e14703c9d8c7b72849b2dca

SHA256
941ea96406b14b33acd632823db95c1ee580b755367d322f49d6dd52a714bb1f

SHA512
abbabe4be44c67b3bf52a6abf665181c2acaa7e9ce7dee3bb0a93bbddbb80274894b283a769dc1e9288080199911213f85c8bc93eff60167f6afcb555ec0d65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f86c45baa3eb70390ecd6db293e2d00d

SHA1
34201ff9d6dd792d3f36cd9d449f236811cb3ede

SHA256
ddcf4bde64627f354cabdbfc701bfcbf98b3bb6287a73462f5614ebe292d275a

SHA512
efa8eb2610058396004b8799a0b80a12026cb238960d9e034e7a366a7c17681f0610a435a6dffd4aee979101786361b3b6bc36f530b99114776e33043c318467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e72687da4713c8d2128e9da3f5072fdb

SHA1
3868e3315ce4d42abd22cec35fb79c7d6b7fb11f

SHA256
ff95d9c246c0ff72513760f33339cbcd028e2fa5a2463e1151aaf7677e7cb643

SHA512
670be0074058466603a63b6d900147de05a2829bdc40bd67e6494a8d0cf6b84d9f73ddfb1e57dfaa3842c7f245902d9e9b6622e3789f885934b72a93debfb68b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3fdfabe9c069836bd5eb2738027ca2a

SHA1
2c2158102e48244e037f76325124c61c3d43b725

SHA256
0fcec652f08e36d41492da0e22ece613edb114e0dc3f020abe2f3eaeec7f2d26

SHA512
581e9620713948dcbf2d9e5bb87f8d4de8bbd7f0ad3177f63044e0d4acfe1384b048bf5320702aa587889f7a3a6b853cb78593a042492701a0eecbde4d08c45e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5507e3020a3967fc6b548349dc776ca2

SHA1
3b2c6437cac03ab402b23bb059cad460ef63fa96

SHA256
af036c53b87dd3337371a9acc1b87e15f8532a6c48bbf7ea62d8ba876dfd60cc

SHA512
12e0dfa37ae1b9ee587004e87484d402e90b28bc284ecacb3080cf3fd93055b3610d9c6a1cd761318d0eb4f93f861f26fd218e36fcf2e4b46ee6df76bc2f18a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
65fdcb8eed8f7d565de9cdcbe59cab21

SHA1
b65e7d6b0d29d1ed4d3597cc744c760c88011b9d

SHA256
598898f37c4ba7a1c66b5c42d035f110ac507c19ef1d77793ea854d3326ca0a2

SHA512
b01b250421c26e68268865008db5043ea6638e029b7241a4b21a6de00d46f08bb75221918baebcd715fae5126ccd892060de99963ad35bb613a3acf63c405bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
773759a0edc8a28059123cffcf64669c

SHA1
0a01b73216eb1736344f9331660e9f957480ad26

SHA256
0d42ee303fc6550cb15b0a6d8b4223b3e7b4a064869f8f43fdc106a567a70eff

SHA512
884f7ca2c7052ad7579d9f67311049325d840dab30798f07301487c2752c5ebeb5a26b0a553d2f4283bacb17e06fde189ae288e9c6572d38416ecffeeaacc6eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1341dd3ef1a706daf25dec2a96b2dfa1

SHA1
b442df6160097829c9b23bfdbbd18ea7d39b7c90

SHA256
f220d46362dfebb99490e37709f97002457aff60e5052b289b713ca8c17f1a0a

SHA512
b224742df1cd1ae55c382dce404f9eca67c62f5ac9fb7406bf80e3b5c45297c646fc75b37f5fc244e428319aced36d04e746927da40ee41ad03bb2700be1d9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
902588fca5e861b5477fcb5cef20d286

SHA1
abeb4fd924bb29072f27afdaa7f9de70b48fc958

SHA256
8a76237a0060987bff485efc9212bd7260119e9111a49539d5fcfb5ff24caf76

SHA512
d37a564e8d8c2ec1ad12f6c3936e92dbc9cea05fc838d4ac9276a79f36938f597bb3c319fbd81b49c988cea051f1a22d274cf45196c4ed331986fd5ba085a062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cd2cc7ba5e839ecde2b75ba7ba42c5b5

SHA1
4ee5462a9fcf650391155547fc1694e81d8aadc2

SHA256
6aaa03d88daaaa008ac7a7ecb2c88c05c5687e8db7083511cd6c746291994706

SHA512
e099b4de6a9bb9c6a56c5c559395e776fa9a9798f8648bf46d7ec5a7c33a422a15fe97589688a1e3b8e4840526f4f19604b9b7852398c427bb9308813c54602b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
3ca4c68b9b0923e0c5aabb519de01fda

SHA1
866dac228005313695a91967c6fd4f2f9f635cbd

SHA256
fe2daac394331988c418c3651c47baa342389d29ee873321c05371e544856752

SHA512
8af9e1f6414fe047eea6a3bb8a564c30d5390986e18b3b9458349e683ef558037141781c32e4527c765be2ae32de72c9950d47ba93f1df48f541197df5e4364c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d42029bc140965677fb840bc33e94dba

SHA1
6ea978c841bf44be7bf6325a7d54494d9277807e

SHA256
9b90f6a6658102e984cb013fc12065b42969ff2abb77f0e2a6fd8563b6137f17

SHA512
3f451662bfd9b648cb70520543d41b7a554fac9ab5f6cd06818baf41188fae467f08afaeb6b0121ef75ccda8c476b146a7a322d4bffbd79d4ea3ea56631e2e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fbdce1d6a24512ddecc64804cc8c98d8

SHA1
3f5fa02e9927255525424f39fa31ddb50ff7d6fb

SHA256
e9489eb9cedd0ec5f7fd9a3d9f855368a3e264c3640beeb844981a0b0f35dd4f

SHA512
28214f653216870466d05a6a3853d422d7c56d5425fb231261082013c50a55ad9a35cbabb58b21cb03852bbf4a5e5b75090a0e0acafbc23e580f935bbcfe9f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cb0ddbb59d11005ee63ecd04112b0f78

SHA1
651fe838ad34ab83a11a9980226aa7866ef9388c

SHA256
da6095afd77a15ce728c89afd3bc2d902082025233f2a29c6cdb1922048ae9bd

SHA512
eb048bc9611f55a6b9e964d19326f8cf68dfe9f635623f4acf23a774730e7938fabff3dba3ed2715fdeda125e86af054487d287b79e78657858198f4fec605f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
eaf06b1da64f0b53c0cdd8f91b1035cc

SHA1
15dfdf967dd146626e0d23ee05cbe53f28c337be

SHA256
a0dcd8bb9f11d4cca4ea773ff35611143d91b3c306820ee4fffc3a83e0de23eb

SHA512
e87e3caf1165988d41b982b3b0a242775a36ab2f26ba81a67b5f4c070f790029ca3a2ffadeb870392f0cb9543eff0f9ef5949dab95c7a8b8a3cb8a53dd5ffc90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e89ec98cca9f9d6b9fe6ec6bf50a57c0

SHA1
22eda3ec4c26e4fe23fe393ab6471b14d66ea9fd

SHA256
066aa99600c51ea95aaa5b674e29bcf58d176f9a1b5d42d3a533eb3820ba41dc

SHA512
d75b7897ecb2a3b502cf0c14bf639a73e30f8cf875fff12ef47205a8d45e86e942ea78902d320516f476774bbd45992798002cf8b9c7ec0e244f641a9d70ce13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8ef5f74d49cf141ef491e91005e81457

SHA1
f630e3c9e136b2aa4bf165145f90e52eea6f1527

SHA256
e41dd85d265cbc526d9de7c2ba6b66e25de2db0d0aed0ef2310b5522ce0e9dfe

SHA512
06b28bd35ce751d16ca45dd180612008e7c7182df7e4a0931d520eebe40d0282fcbfc1f24fd00c775abfb1b26ea99f52fb86628fcae63f8424cb518948e4ae36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a039ba63753ce7bdb7cc257ee053733

SHA1
d41dd1d8ca6502e53bc3213b890ccf0f8ad18568

SHA256
92dcf6b8e58c2909d205c1ca6d6b6ee5b2a001b2da893fece054526502b3cfcd

SHA512
c585ed81f97129fcd8732fa8a33eb4468cfacb0b665953d0b14d9abf86f62b902b8fb9ac00cb9a123de4e2061fbb5ddb8b955e8ff413e20825e80e2256cde19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
affff16b9fcb9b3e3cec7f24447349f8

SHA1
d3d03498da342bcab9c989005695ac55b78d5643

SHA256
84b2b043c1df3bca3af2c074efb361876c6549e948717ccf89b7aeeb9a0069cb

SHA512
c8433908673d7d2b601ea94550c08c0aa17543d81ce1f0e680c5cfc2b6b8aa0d06771c33bbb4c2f5adf43aaa71e59937718d22fc114b0bca5c249903d953d608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
db5c9f1e0cf2a64b5043ac650b16b251

SHA1
0ef5628aedebee06361b4d4d121e0af4daa4e4a8

SHA256
b60ffd9669ad98b7432a822f375475445e8089b80773dd020c3919b4e1412696

SHA512
8378f66e7982fe3d5b221100fbf0126477647f92fbf5dbd9a10426c3faa0532feaf8d3c54706e6519ef45e262c4d2b0abac472fad6054cea28912dc5fd18f397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586a7d.TMP

Filesize
372B

MD5
61cccd0c08045ab01b1b8194042dd8ac

SHA1
3a3331597d4b2e26d6baf781695cf20427a21a94

SHA256
178656d8050a29e45a62b2f7f67cf873c95541795ac56cfa4494a5b569db546b

SHA512
655155ce77478af7eb5c90c6e14b1506dacaadfb9aa42a3e0242b8eebcf57cff8fc9c12758604028d9a65f71557192d1f366629ccca7241776263b26fca9cf91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0d856a7e8f2fa159d05df6fdcdc479ff

SHA1
4ea455da6b2e9596f39627f8268f65b9349122fc

SHA256
db1d93efd801ba8e7972b62814c0bb9137a613f6285b3b14bdf4bf0fad008774

SHA512
6cdd1f711c61f12c3a07f46c8d5cc2baa43fc3d675f29816b7a5adb8e6e13453ed4d90f449d225c3e4c3e8abba8a244baf1093881a98358a09210bea212fd6c0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3580_SRHFQXHMPUYMFEIB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit