hxxps://holidaybunch[.]com

Resubmissions

23-10-2024 01:15

241023-bmlphstemh 4

23-10-2024 00:50

23-10-2024 00:31

22-10-2024 14:58

22-10-2024 12:40

Analysis

max time kernel
1048s
max time network
1021s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://holidaybunch.com

Score

4^/10

discovery phishing

Malware Config

Signatures

Detected phishing page
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
4964	msedge.exe
4964	msedge.exe
3640	identity_helper.exe
3640	identity_helper.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2752	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 4300	4964	msedge.exe	85
PID 4964 wrote to memory of 4300	4964	msedge.exe	85
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 4180	4964	msedge.exe	86
PID 4964 wrote to memory of 1100	4964	msedge.exe	87
PID 4964 wrote to memory of 1100	4964	msedge.exe	87
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88
PID 4964 wrote to memory of 1688	4964	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://holidaybunch.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8e4a46f8,0x7ffd8e4a4708,0x7ffd8e4a4718
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6092673436114660993,6788619338472028650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:5184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe" # ✅ ''I am not a robot - reCAPTCHA Verification ID: 2943''
1⤵
- Modifies registry class
PID:4740

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
51KB

MD5
657e828fb3a5963706e24cbf9d711bb8

SHA1
84c08557d977e0a46ec8941b2d84235069dab229

SHA256
45e39853c41558c4922ff1b0895547a99e378f136ec3d9d2f4df15cc269485fa

SHA512
eebedf24a2516b860ffa2c9241474157604f8fc2edc9e3bf3c0a0dddf3168519f13fc195d48d232ed8f4a5db1c48ef0563d62b2e2bdcf55f936cbd319ab18e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
17KB

MD5
cc6d2a2ebbdb4ca2d35c2a94f666e56c

SHA1
7b9695fbe92878e751db650f89a9e9a74279ee10

SHA256
dedcb23076be667a897f4a90bde0bc80c6a6a58cfe68433bde59546eb9b74eb5

SHA512
c9e27f2aaf2aef1ca88c45eba39db2d1c16baf6886eddb39fb6723a97320e31697fb53aa8b885b1e445d2f361f91be0a75b14399d990953d543735a400320e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bfae6a8af8fd12f57915ce3e4d09865d

SHA1
a0ad89dc07984833102f16e22bf8a54c2513341f

SHA256
aa6e2f48782924a34a9865d7897667f206aa457bf1957022f9fae01733c0a9ad

SHA512
317e59a6da8214a8d67156d84c5c50b03a61cbd4d4ffed4eb9717ecda49217ac2899222cd9655c285a9fe8a944f2eccc8bd66a103e94e609a19695966aff0576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8bdff673947016a3e4851eaed6fb8bdf

SHA1
83fe699157266202fb55ef3d34da569497162590

SHA256
30a4eb75f3545548972fb9336ff99419ad3ad96f4571f36197d16eb996764f6e

SHA512
15d3d4f56bcc51a8dbc893436d3c6fb1244821b6f7058906161eaa8ebe964272f1d604f06f9fc0cb056d55ecad74ed5ed825b770cef6c73a33c86527177439a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f9d713529f96c720f0806b613b845db4

SHA1
2ff7ebfac35e05d64ca0473f058a002e7b9451e2

SHA256
ad644cba0d2a365e4ab06f78e4dc5a2675a7b5b90b11aa2bd7131505fe32f2f5

SHA512
39a158c061a157911731e0a6e4029ba81b4d6b82545f708487b055476c566ae677739c8cc6ab06666a1bdcfbca4d65d83286ed573a12e53839d98bd2fae2966f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0bd6532cabea73ec3a982906491a8107

SHA1
6ac314decbc8def7706643c726556e37fc463d8f

SHA256
fdca08e55a73cf9b87bdfbe044806fcd593267cef84ee0d75c0c5f51343b24d1

SHA512
9658860b1eadd17b792d04a2807c1b65641ccd9c344e9a9e11a32da6be0db590ac802be03ca699a805458fc8364624237eddf36b97153dd04b08b29c57d75ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
944df91f62e288a4a7a47dc946454cdf

SHA1
2585b778e2bacf7cc535e18b26f2c3085cab8539

SHA256
36d1d518a1d7a430a498054758649b7b77eff13edd9a3b476cc88b09bc9131e7

SHA512
a52dba327c7bd50df4a6864e0f8a8aa0c74f1711833d62958a85daddbcd48ebeba95326a4e10f4206b533d23b06fb06f45fd40fdfc62ec83080b9fb6cdcd46aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
989B

MD5
1c2a99b77fcd97dc7993a8fb9dc0c880

SHA1
f5bb646b6a0a050bd46477acd52cd49970d03188

SHA256
3aa421e27b21cbf03d472e0edd935cebcd8ed8c31917f38f350f692b0c8791cd

SHA512
448a8f04e14074171631b45d61f978a62fc68def0523105f0671d95fc246d136a4b71c261c1a028274bcac96de33e0673ab42d241b4f95596d8a11e5fc0630eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5dbb864f217e99cbbcc4332c6798d2d3

SHA1
9f4ce230d979f8aa044587eedf2d9f0549d8310b

SHA256
cbfef3b1ed84ec558c838911d36f7b24e29fb87db9a7924582941e09bda0a78c

SHA512
3f68e06e5544dd61ceaf5a22aed97359c2fa96e3a0ba221053d6b3d1d720ae412f8e08e21f39e2d71174066710b39d8aa90914856b5587324d01ce87dbc19535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
958B

MD5
7817c6abc4f23b646b2d0e91d1c48650

SHA1
c294cc75bc6341667d43c0deab97955119c5223a

SHA256
9ff9f26024a5a90b94492f068e39f9594abaad83937a9b723326675a9d046bee

SHA512
72f8dd62d18e816a07f2b9911c6a457105fbaaf55fe3508d551b26b82138fee6645bd3fe73f78aa75162ab247fbdb63013fe2431b00e4745a4f85a200437894b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
030f8748e691c6bf01a65d1ca14f9c64

SHA1
e812cabc529c820925fce6e75b4a00f40b1fd1ad

SHA256
ee8c8280418215c17f82dc3c153e409291243f2feccc15fd50d796d36449d5d0

SHA512
81b94ce38ebd5f5409e2398fdab18cb389f4c6f8f6df9b27f8113033a3ce703d189dc5b89d2e11adaae3dcb950bbf3cd4f0816d3bb306a894f282c02bf4a9c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b170af9629b321f47dbfebe02fc106df

SHA1
2151a75ecf6fa8b2722903a82cb1f689f802ce16

SHA256
7c61f57837b32f343c65d803d75ad57f70ac4d4e3a08b1ab60870b5c2e8189fd

SHA512
02eda3db82e52b550330659ac676fc0d6962c739458352f08b8ffd65d425061f5665446944d8bc135f82fca36b35ae0f1c7fc5f6abfee0026782a9a12393f5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7140fbc693c58093a0380b42320ced06

SHA1
4d1cf6569ef97e73ee9dd1987f80d324f6298931

SHA256
ee3a023a54b04739dfb7cb024a3a2cb0bbf2c8ec381aad3babfa4383bd34ec45

SHA512
3a57d0de7849708290ec80d0dd947d47679ae696c294dc5c75727bdf4fd0840e4e3abad33795cfc541e779a0646cd8f608bf35cc90198abe70b8e2ce13694498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d1bd3b5b8a125a7e8f704de3f0554cff

SHA1
57ffab61ed3d3042c57877f72b12101ac693a3d0

SHA256
82e395cd5945e649c87086b49e066d2f130010510c503ca48f9b60867750dbb5

SHA512
79282422338cd0171f3a0b610603530e92b9db91543400e0ddc674d6506586ca5ca93c85082543acdbb0733012207cc339077eec11d9229b9fb1627a86da5c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6696e9f0a2ce08b8c0470035e564019e

SHA1
c9162455362e63cffbbefab709e23f3b7e6456d1

SHA256
2f0d554860120936430d78eaa05636a7561beef1b9f7b0ae7aac5f358705b8b4

SHA512
600a973fe298e450ecf6b96049837391f7e288cdf6361c67387ebb50dee9b93f0896886421136d40adb16991a9a68d782d92b1d127848d5e58e0f093833fd4fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
3752170024f9d69d3462a391de2caf74

SHA1
7fa8f0332a24cc08a5f1684766a52e75c790850f

SHA256
709d7c810770d486d58ddc7acb53798744fc16ca28273c6459e1d29272f5dd53

SHA512
1d6cb4ebd23898f4dafe13f01a5b0fdee44c2df8907785bf02cadae31b393c0a0ef2ba8f82a72f0f5b2fc5ffc8047cad83772d2413e4146904ce3c1ba758c9aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b4f1e247944dbb96ae931e40bd7fd8e9

SHA1
6dfc9c0e4920e6d523cb0191650187747fb711a6

SHA256
41bac9f525b1d4debc9425d607ab94ebdf72f3fa2a82a2bdfdd4e5dd1c6dabc5

SHA512
25dce7822faf95e8728fa7d9b1260d0e7f440ed4617d5ce41c220423b155a95ba468bc90a45cdc765c1a43fcb136d140e440afdb9b721266c2e76d9e97841f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4937710f03ae96afbc14a4cf36163f3a

SHA1
1943b220c5cd3d76d8ff406708bb85acc7339df7

SHA256
9741cddf7340c58846c7e1c94b84e67818f08f149231eaa5bbb9ec7697087d37

SHA512
ab63446e72dca66b6b0dbd1dd62e8a0b507634b66ebe3d7be2f4d827d68ef0a4f05b3aa87406ae4504d94814cfa953daad04c5074d66ddd2af0e50b080062831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
64a8667feb26a871d5e1134782df633f

SHA1
d6ca14fab10994903c11711ff4df7f4adf1ca517

SHA256
1f269268105a175923338538c2d2f639fae5997a441b11b31ee3e8a34153bab1

SHA512
b413afd4f8ea61effa798a44c6b6b15f7e9af808cb2c94a667073f14c789e873e04ce8cdcda5db35b2b4842ed2e99190dbeaab8ead2032819e8f8a0007575b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
8d795b3eed4d6b7f0c6ebbf8169132a2

SHA1
027656d5a50e218c72fa3e4301b37a0253eaf57a

SHA256
0f0021b0101e5502e592d30082ccb43ac68715e193734abf321329342abab91f

SHA512
f24e84060cbe83be7bd6ccc6e325fad2b48f4bbf7b5b9f0d858910d93c933c6795947d033eb0689de3aeab6676c700510241082ccbbf98b2e69f50cad7faa435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f0f62de672357e1633fa35b58ecfdbd9

SHA1
973d213e25b2ccaae25456272a36499e36654079

SHA256
96eeccce90a89821718a9aef72fe6af34a0c4caeb50b3b9b57b68c5725407e18

SHA512
8ef4a9bca120f845fac9f0c2ffb0c7114f1c1be44ae48212762cc2fb29f8bb7cbe571f9e77cefe7f042312a221d11d0e81873744ea23ec0a8b1b3d54aaa68e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fce91d11e6ac414bc5a0201127bab420

SHA1
7c9da6225c7e68e041f7859560c077f5770fb65c

SHA256
de9e669671041caec810bdc646dfaeaa6ae1a3454477695699af732412ca3d49

SHA512
6b02b5ca19e0394166e80a75b6b9d7bc3ae6c189f2186d88651665e98501dc23ffadd5830750f8adc228c5fdacb0ca37c40f7ded7446829346a057f5b58138fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d840ff04744d5500c043d52bf8c272b4

SHA1
992175ec846df26a8f07bdae5928dc4c103d488b

SHA256
19cf11ba6bd5077eaad286dffdee041a1d2321a777555b9d679f00c0fdfc8961

SHA512
066eaba3082ba2eb4f46a96270d8d6c514af7317e57f206998efec643c4e3de09a937be783c401d6edaf64bce553f32cb117e61bf095c59efb6cc1ebb5c676f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63940f8614e90490c2a7677a644e3596

SHA1
78df83906676aedc7de947149845d1c3e3c17ded

SHA256
76771ac93c14de4f02b7a34882cc57a799cd9e175651dbb21d0a3712b9d498bd

SHA512
3c1b12a8f970c6eb9dd4a2dd2f0419a6bd29a7601b8936c63438b4594f35b08af258d8ba1f58ecf82639d3e607572b954011d781624accdf6e9bfb23dedce022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
658200d87f44336ec0a83d2dbe912efa

SHA1
e0af295f8803a3ba17f3f08451e1e1c31c572625

SHA256
5d78073268d93d7eb2b1395a71ca7d45ac8891cd0f8617a9487708a0e8a5d692

SHA512
6721e74b37a7b9affdd7a1a87dcc3e1bacf57334c5ea72958392dfb34aeac4218bde28bb28f811de80c0e34a5c22ded484c1abf1939382192d15a00c177ce5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
325a7b03c281e80800c8d34385304e7f

SHA1
6765a31a33ff67b79b9c73a6973258eef7eaa2d9

SHA256
9d9d36c5d158ad3e6f2ec8abc3fc329a8e6c4875bf07ed01b286fd1b34c37561

SHA512
1ec4aad51d95b9b2dbf8a472ca3fa65b231d27704e925e84e18b9ed188d348663683b1326b81c9af9eee361c61534a00534b05cb313f36d0ac6463fa1b12807a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b7154.TMP

Filesize
705B

MD5
7b24297531a89a0c1f0cad2cffc4e0ac

SHA1
4ca7fd31e246225405c6f213ea0ecb2408c74975

SHA256
3fe64fe0f9ed58ab9bb71d22e2446b455a31e95559d9cf9b6bb218727ed72156

SHA512
92c3955b18f7022707ec67d3bcd6b441c91116dfe9479402e060e45b3539e16097d3e2f487f96ac2597f6628e65a666ce155739cd98991cb48d788913a377969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ee12ec2a62fe87bf585c4d8bb8f4d459

SHA1
1547c414abbb1e206990fa8b6a04d516f9a13db7

SHA256
e1b48387bd1ba43728c111c266896d17a91bcbab126ebf98c80cef462f09787f

SHA512
51f9e10ce4d5fd5b17da7bfb12e875e1b77d86ab8c2be6fdd493f62ee79f86ded236a33f759abb8acc318e77a20a0a03f1fc9904a7034b14b521614b1a1166d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42cc1de1b2fa29257fc556943a7a68c9

SHA1
e4cd693da127c22ee105397dda708d4163178be4

SHA256
83b5a1ea0a58ed7ce3e185725fccf91cddfec065671987d986c931e9242483dc

SHA512
6a12a4bbc0b37a2bd1110940ce0dde72505937bf061296354e8ac4c9c7a4ad221942d4521f2b5eaf1478a652a1f47abbae8f30e0eb76277ad3cc99367ea126d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f360a1afcc4ba52bf22b9744ecfdc2c0

SHA1
a194e23c7edac57454031bce6dd07248e890f243

SHA256
10ab9e23c13891418454925cb24760ea9f58f110bf4dc2fa2fcc60e260e51a0a

SHA512
47ddcaff89408f22b17b73cf242d428cf8bbe29153ad6965c8113cb61d45e57d9b682676ce66b2b9c056d98fb7e4134455da593942e74657ce26036ee03c2fb5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit