725d4d7b98096fc0dde3b6f4b1379f463ea884c48443e2c9f0c59f7a2d5a8c42

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2024 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

929KB
MD5

7281906e05749e3a2617a16bf5c49525
SHA1

13bd6d6351d236860c74b25c595a1e6c43a98ec7
SHA256

725d4d7b98096fc0dde3b6f4b1379f463ea884c48443e2c9f0c59f7a2d5a8c42
SHA512

7a71bfe886548091df08f4315fcc2f681a6d20319f85cbe766e8bd3469b1a6cd2b7756a5ed06d5dbc1c564270388063ac9fe9aab0a046f2bab4aa52738279614
SSDEEP

6144:oA32hGxeOPdTkJ2eg2gpMgagggJgYgOgigKgMgGgj1gzg5g6gIg/gb/lyWgPNIY3:b3wuejgggggWbe

Score

10^/10

google discovery phishing

Malware Config

Signatures

Detected google phishing page
phishing google
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

194 ipinfo.io
195 ipinfo.io
196 ipinfo.io
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
194	ipinfo.io
195	ipinfo.io
196	ipinfo.io

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1732	msedge.exe
1732	msedge.exe
4348	msedge.exe
4348	msedge.exe
5008	identity_helper.exe
5008	identity_helper.exe
3340	msedge.exe
3340	msedge.exe
3340	msedge.exe
3340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

Processes:

msedge.exe

pid	process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4348 wrote to memory of 2004	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2004	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 2296	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 1732	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 1732	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 5112	4348	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffde2f46f8,0x7fffde2f4708,0x7fffde2f4718
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,10970591708565818821,495917105020145917,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7644 /prefetch:8
  2⤵
  PID:3496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4140

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x52c 0x530
1⤵
PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
1KB

MD5
c6150925cfea5941ddc7ff2a0a506692

SHA1
9e99a48a9960b14926bb7f3b02e22da2b0ab7280

SHA256
28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

SHA512
b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
e9d2a54edd381057ff27133c3f5c5d8f

SHA1
9408118eb0c7e793d8ce31a77b02bcdbdbbe14d1

SHA256
1685f9a50e86d89c2cb948015e767e31523f263722d52ee362daa40c32704daf

SHA512
90bfcc76c6cc6d204b8d3cfd7ad835355a25faa63132f2c0b7e47195757af320ad751d8c6e7105ddb2f6ff372129415980faa6bd11518b2f060eee36ede5ba07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
276B

MD5
29b04a098a9d22336f812863a5e66a42

SHA1
4c8e6bb26ac6404565bb1c94a76bb2d6e9bfc06b

SHA256
9fcbddc95be5238b271bcc6cf410d22792802192a5ca341d1431f32092c4209b

SHA512
ba02125441312976e78320975edde53ef5d7bf03c7dede3c6ede8d043728fe105dd7c04191e4e19839cc1ae514967c9d7d14e092a649927af37ba9dc4175bef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
47KB

MD5
55a93dd8c17e1019c87980a74c65cb1b

SHA1
4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d

SHA256
4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009

SHA512
f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
25KB

MD5
407490850a11d4ddbfa8cfc8ca4b4134

SHA1
4a4ef50edd7d20ee11ee064a2ffc4f6ec7929d8e

SHA256
76585e2caa825e3e419d14abf626b43897ebc5ebad8eadebe23fa51bec943555

SHA512
49db102c324cc21339db0e9a0119cfd8281d881fda7a8e7098bf967151eee8b51d5fc4b9ebe4f2aec63c6c0960230d784e9c4cbba51260ca289618cc61e10ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0ee7b0bd0b2acaa835b5a13986be2c69

SHA1
74f1bfeb0d9e2d5a32d9a83645560492ab874d29

SHA256
7c2d391b2f5892bf764f9b125d4d8ba0016b4a67888833fe72b12308dc1b9934

SHA512
91852c78b1e6b29aff3af4cb999e8d267f040d0efa8a9e9069fcc98502012420d5ef34aec46db239c1acdb7d053d0e76676743442d0fa5dc20b1adb9e8283ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b53f79c01ed0528b24c919b647afd423

SHA1
f388bbfbcc92d43f91f47fe89d43bb716a2f6ded

SHA256
2deeeab59e5839c445f96b62c3959a8f38b0330692398b6c14756e2ab11968b4

SHA512
ec55b0df023d1749dcf849d6fbb28d52f5dd4b046ff5b2bae84a29442a25b633c138a1be88bdd3ce577ba17aab016719d9fce56ed2a8f0a9a53f870b16682cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
62c0206a7594497cffc1c25e0e67ed84

SHA1
e06597cb0441a315704d608151d02d14cc53c9dd

SHA256
27547087372d88def260b193869913d61532b090605b4ac8192c18a3d013149a

SHA512
0727d7940c15daf472b8757eec68f257608a88d7e5a740c89c9721de081005ba54245ccc5749f7e06a57206b845895fbf5f15a5ac367a8d8938e7db240676ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
cf4b28cb8dd45f24525ed7100fc99161

SHA1
e9e2b3a316e697aaee5c0f1734904b7a132d8161

SHA256
9df17cedeb6ee29b71732003e74bb98fa520383f2aec788d492a8f58bb34258f

SHA512
4014d366c87a271469d4c36ccb02e35052afb426f2b423f1f6be8fdf7d7e99e5a88f04c3d9a7484e54593b627ee4288805476fd102968145cf09eda616af0432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a6c0e5c61d18f847b6a9fcc9612d1550

SHA1
4f0b2ec2d59082ffbf30ff32d14bd1c039086fc3

SHA256
3d92404b75740d335b77e0bc6eaf5cd214cf22f7fa0ceeae22e2450d46d5b655

SHA512
0c7b7435103cbbeff8ecefeecb4d7b3f5fb87a5551560de2a526b3c209dd799242a3c32cf9358368bac6b69c16313cef92ca6ada35f205004f4b2d2f5fedadf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5670a16ee73ab63a47aff96ddd1522f3

SHA1
9d336e7749b6807ac71cc0ac72fdce81f767e973

SHA256
a3fe77388dc8145c55d2c909dd92181e306d61151ec5d74400aba5847d10ca2e

SHA512
8f966e41781a5ba3e18af07fc835e57804d9fa71899a5928a4979cec9ba31931b7c7aa0d0960a1a0b0b2656e1125739667dbb1599e5807ca20280a7b2cc90532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab67ec29b2c3867260a5c4ac5d72cf51

SHA1
4a57820bed77ebec03716033a6f2d097fbd9f1cb

SHA256
d7d183ad1f3b2982abb812a658504a9b00c626cfda8d5c11d8a922e934be658c

SHA512
e72075851ce652fdf8eec7e1585233b9977fc3891e89a342cc23fbd400d2fe083a1db08f34ce0b6b7e319d425042c32f6ac4f3f88f0938d10bebff7d04801410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e98b6d7c9ce56cf8ae5050d32839e29

SHA1
d5281cbde49a23f597b4b7e6f47d9b011c2ba8af

SHA256
2fbe5f46127350190fe6d97ee5052f967c7838adcdae256883299920c393062c

SHA512
fc99384ed70a28be31695410738ef99f4614744c2b8c975ecf5b07fe7580de081669c5e1096e315a9fe19554bdd77b157ccac1a9ec41231de860a77b61de5c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5e03341963c53334074755a80fbf991b

SHA1
244db821d2d32dfd4643e4b8f4f32da08f53949e

SHA256
099bdcff2e8db52c16c77d052e432eb8a53bc248729c09779125ab6948c8ad0c

SHA512
eab77e7254b98d528b629b64325b337bb7e5e3949c1a9ea10287857f5def2ae8c792d2aea11f285fa8c99e288eca9c0d5958c6713b4713318e462b9b33b83e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe345a38c0172f2528b06bed6f11972e

SHA1
043246c601c56d1c031090c5513f4ca8245812c0

SHA256
55ceefe37a6c295253260fb63a1c1f9d144883ed67ef0c80ab9cb3714de011a5

SHA512
3c53007f4bd3dc32e811e0ab1586c1a7c67256fceb1e89414ac51ad335473c21cdafa91826bab4003ea3d30fe6fb0a8fc68f93a02e9f8e3c094525a5489c629e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0a700498511ac45d10884fde9fed0de4

SHA1
cf2bb2f49b7f060c1b3aa3cb7e4f5e9bc8bb917d

SHA256
b1dd797ed41b2fbd4fe236b9a959f9ca471bde6b14bcb14cb73649cab58ed862

SHA512
6e8a9371be5c2c8284735665e1f250e0e5e86c302fbe3f12cd04335c33f8bb3f311d281d399470da6e967fe6d3523db0acb29949c67195ed64b87d77f206759a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588632.TMP

Filesize
48B

MD5
0210913b03116c2af897da1b68d2341c

SHA1
7a19e5a2319caaf833f5637c9a69fa96753b6409

SHA256
6e4c8df952937eedc30351dd99c2c5e20c4be608833ae7e069fe994413626176

SHA512
451117860e07a3cf7eff3d98fe60e1627bf93213df4b2b92c6410c5cb40e94e00303ecaf65b880c664ec2f5be3a66822e13ea4f002e0632a6fc0f96be5dc3550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b65c29bc3c7364ed808dec26dbf4af7b

SHA1
8d7f99066a8308787c8184571a670c69e8e98ef9

SHA256
1fe55d42f8e42a92acf788e1602dc46ac17b990ee63aa4e8eaf0540f862ee30a

SHA512
e11c0528a71858e5f7cad59321cef0a3074d0674622f73fa292e8388a85ef9958468fa5cc8e3440eefb9a7869c016320c9dc4ab630324bb851f7ea42233f66e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7fbe38a39b74a080e34292eb9103288e

SHA1
57dfc18cbebd60653bf740e5b2e4b711448222dc

SHA256
988126f8a1c39324d3c07b13182bc8f0d39d44ca774fdef065e2e16944d01545

SHA512
0a23664853869ee8018c639ed6825650bbe3b96c649fbd39f9e1fe0f33e1495123279f8db0fe64c85654b18bb9419436fbf644dcbdd445ead69dc719905ed0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d2cf9fdff5750c83ee441f6ab23102b3

SHA1
e9a06506e703d7ddca588a65af4f3b6e184ad987

SHA256
777519070c5697a7385669928bd388f13563e0289e7263a9454f0bf6079b8c13

SHA512
3d60ce0916ae64f6e56be86d56eb62d041ea5104133bcb2bddd9fb1329eb3c7d467ef087d6e416e4052372e54c34cd70af2d34f37ec27ce37f14eb8cc0120714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2783608595a2f3bd343e2600d7fc9845

SHA1
48411702517770f15737d2aa6e59fb3fa8abf9ba

SHA256
a24470d8c4e5851f690f85e90bc336aac7db48c69f63b6679fb7d8c65cf8dcf9

SHA512
1d867e5e39124b26a1e8e25db1828db438f624d3cd5d400f92b267d64906b3f35ba68563eb17a848a25ab79dc88033c2fa0a314ddba082101375b8bc35db4cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c329a00a5ea8ac46242bbb5f834d6881

SHA1
723acc9e0b318ec3f487c12e91b9ff0bca6ed03d

SHA256
4dda5fb5dc69f93c45425af9f5753c882ae7706120190fa201ad74dd60171392

SHA512
6d82f9b92f682976aa75e273a9d9159753184cbee9c1755a0f0fa145a2da244ff8eba66578a13ff48aeb8f4e7ed8c625a5184f04e32c7bbbabd26d0c11e651f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
812e26d5c0647dfe57e5a3ac10698cc1

SHA1
810c950b096185054f6fcb2a3f7f71f92f10ac74

SHA256
e7dfb04eb0a4e97055583ab288d19c64d6007521fb7830dfe3762f37f996d830

SHA512
35261b76e4bcbc06e4a972dffd4ee314c3ef5ba6b8dcbba713e144ca400f79666bb5c43e6d9722d2039d28dc5afdc96891cc033f8a99da2fac8e9597c475e0cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
64fc5ac16fec094ae6c67c691e25a6e1

SHA1
9ddb0ad7b7d48f7186182bc78b6b85defa90055d

SHA256
5c1762aa645a810f878d87481a0eb5182b0caa9aa4562d53b030ed31fa27f8fc

SHA512
d7ea91c4834e850ce4e134b54f41da3aa3679376330b2b89ba68f090fb410d7ee4ac0fd48a6c3197654d221d35896f1a7d3387d102d4f137568376f15c16a921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e4c0d2ae91b85406f8aa769633cb3243

SHA1
a64bc81bea6bc7a77fbbd7d9cbb6ff78dbe36d47

SHA256
13c1312e29256268c32f633e47ccb8709430aeaaee8b76f43a5d71e026120919

SHA512
891a9c9342af82e6815d28edb04611235cbe1adefe030179091e93a4f0390aa5595bd2f0c2f317ad383090f0d28d728e9e374c5c9fec72d8a8b6ad33dbc61633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de3a.TMP

Filesize
706B

MD5
7e8b2c4bfc81297368405725118850df

SHA1
b81fbae6b734378b9d3a2fd5cb39c42f0fbd0982

SHA256
c1aeb85babc64df67a738dc84a112736782ef29e7061b3c27c8be185f649640a

SHA512
c969ee8488c076ca6f63ed79419776a3f561dd44d6a2eb4331038dfb0b90bc17b995fdf7eebd29e9d46f1bcc493101c43af4f60093cab69dd774205cd0a708cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fec1b2f8e8c5ecafb92dc545ab955e59

SHA1
a1a6f37988f2a64e46b057d69fc897dcb3b4491a

SHA256
708b45a4758ea03afdd45fd11cecd8c01c728e91c9f236cd021f55870de41518

SHA512
df8ebc902de0f04bc27e5d9b584de43f3ed24686a3abbcd74f1f520c7d6c39945af7b11bf3b24b4edcd02ac24f20a3cd8ee5977f0ac1fbdfd341370854ed700a

Download Submit
\??\pipe\LOCAL\crashpad_4348_JWYHUNPEIMZHGYTL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit