hxxp://Google[.]com

Resubmissions

21-11-2024 17:23

241121-vx5d6atpdz 3

21-11-2024 17:19

241121-vvze5aykhk 1

21-11-2024 15:56

241121-tdmvbsxqbj 10

21-11-2024 15:37

241121-s2vz6stjgz 10

Analysis

max time kernel
113s
max time network
113s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

3328 msedge.exe
3328 msedge.exe
1792 msedge.exe
1792 msedge.exe
1620 identity_helper.exe
1620 identity_helper.exe
2944 msedge.exe
2944 msedge.exe

pid	process
3328	msedge.exe
3328	msedge.exe
1792	msedge.exe
1792	msedge.exe
1620	identity_helper.exe
1620	identity_helper.exe
2944	msedge.exe
2944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

Processes:

msedge.exe

pid	process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1792 wrote to memory of 1904	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1904	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 1080	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 3328	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 3328	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe
PID 1792 wrote to memory of 2928	1792	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb50ae3cb8,0x7ffb50ae3cc8,0x7ffb50ae3cd8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1636 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1180 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16515052369960364527,16704349825366890556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:3396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
23KB

MD5
8f65ea0a0590184339b4cb35ae36f6b1

SHA1
d0e841080d18c165a3b4dd0cc2f7a2286feed7b4

SHA256
0ab8379c6fc8d0759384265cdef22267c0ae82b82c14715e7688aad80d63f533

SHA512
6e16386dfd5ca905132555bb170fb900fe9b7d6f900ec274459cb83df0c9e17580b30f5e1c4fce34b659cb0c2cab960b2a0725d91bc42c8792a5d9dc63647cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
32KB

MD5
d5da4422ebd66b6f8e57affed92629e5

SHA1
7105a5039075898b6fa3e7848e5f1f4cc555c42d

SHA256
acc907e9ef145934ef552da2e022cad1a6b5d75fe018b51ae9c00bddb7e0decf

SHA512
507d7f9e96390b1c517227c22155657416c216aea90c93b27b5f6c2bb2ed3b24d98592bc82868e910ad86a229324d74490801c5fde8c4b097c90372fe3916023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
27KB

MD5
dc654d5da1a531fdb3b1bedb619b0182

SHA1
49d3de45bea7c279cf0ffe4cbc43c24779d1877a

SHA256
b395c195a5854253500b3b210e585ec801a47b49ce7b90fa5a9717df387598fa

SHA512
38952929cbf8e103cad50007cb492c93a7feb8d9d1853773883e2771cc97e50d6a514cb6347c912e7945d126a35677cca854ce8542e2210d7e59799238bae8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
20KB

MD5
02d0464758450d87a078aea4e46187a1

SHA1
41154a61b8192c00a4f03e5ce97e44ecc5106e74

SHA256
c6aabc7504bbf101eb3b39fb3f831b61148f34605c48b02ba106aedccde52750

SHA512
9af139023983a975acb29147037f4fa8ca820e15b4c5f471e2cb000909970ffbfda2b210c8330cea93271bfde3732455a545730e242f1a0e59871bdec702b39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
20KB

MD5
fa4cc25f0f72ac052e9413b46705327a

SHA1
72127f17a73fdeaf1d867ff721f8115e90d82e8b

SHA256
62215bb3463a1bdbeab484739c056495d60f9e6feab8e3974cde6bf69504f05e

SHA512
b33ebe5aad7802e7aadf31bc490bb697a7a941c4ec9a03c211b42bf54403f05dba02fdbe42bd7c28a27e309c868f4d74c060840a4aefdff57ac9c5c2cb66921c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
20KB

MD5
e92faff58b6be9dba9bc283c4f4c8513

SHA1
49588273a413dffd248cd35dd191189ed2c2343c

SHA256
8c6c6736f4650f9bf7af6fe14128a3d173816f3dee2e02c5552240c04852b691

SHA512
52ddb77b600f519eed2343d528b9c9bc03585c82edaa91c63e8850d19be23c2f645bc8faea19c3d75ccffb30e4e69a3605883106fb1783346a8883465051643e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cb3ad839e39e8185286f2f7c4c6897a4

SHA1
47b94be1659565e5bd2088b065194c57f34424d2

SHA256
e9047f2bca37368c34219732a9233e1ec001df1224ef21321b67004713285300

SHA512
34edc561d3db389d7562de08a75e4e2d4f43e680d9c2f53a74b8fd7eab250f3303c991a302699d66539b2ed23ae065cca78ff9ed1f31388d7a27336497e0f5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
456ec726a044e9d9960c235d9447182f

SHA1
ff917b50544dd0f3fd5125d19707316f1238fcef

SHA256
588fe5a9aa766a990f1325325c89c30fcaf098d6e748f6080b473729ac4c559d

SHA512
417aca71658fd0f1735e46e2147878ad6910b1070c6005d892a0cf1d49776339a46ea93205edaec207956e2797038e197299df0bb2eb058074df8b5563fd5e61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5f29d5561bc4adcb32a1226c55889aac

SHA1
1046f534cdf16c2ca2cea805917b9d9e1b2de1cc

SHA256
6a21c4b326db6265a2dda07aa5d340fd57b98e682275cd44d8bd00b8da86d2c4

SHA512
76ac2166323367f384c6c631d031694c8f88879cf5672e6bfbb2ca0e5ad5986ecfc414855fe445ff771d02955cb3a38d19945bf35cd8d2bf52ffc9671658e619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2307b03f052d218c7e74dbcd98913494

SHA1
4f372e763af3cbf08ed92179508006c180a0d07b

SHA256
6756005d4d6be9d107a75fa6650b6f60ebdda0db8347147ab8a8a6fa0a899b91

SHA512
7626b323cbd9b47a963d5f814256abee18a541e770b2cba2193d1fd7937e46525f427814e8507984b8f5c3eda7a453da60f933d7173fae272be1d32492f71f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00bc06ed70043fb1c3ea98df8d886289

SHA1
b605bde3dfe349d66519f4443c1e915407873e4f

SHA256
001e2b2ab404a9f8e5d47596302c71440c1448ca4c21d282b033029db0dd2a5f

SHA512
db195ba25b3b2bf24c839fdf901dd894a59311b97dc2cc4e611fad10bf7ad5d30415258c3ff89931e558c1d0ae78b5e6e125668b207edda089986bd71fbb2f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a301ecfd32724a2ffbf532047eaaa11c

SHA1
d71501c47828e63e16408d5c821323ba0814d8d4

SHA256
90129dcfda673ca38d134d02daedd4d1761083873503b46c338bc6f367bf488f

SHA512
5f5b0b862df46cacad4fc2e00032f59fc1b12990ef0c607a426c475bad85762442153d93ff521c6af0228643ecb3b384dbd9c141544ccda2c8c9de159a876e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f62163ea2b7e6707c1283728d3116122

SHA1
82029162a4d92c399fdcbd06be40b30abe77d517

SHA256
46b3d8a6f05e58f5e673c64cf1c5947db022b7be02d75d230694eae7c56482bf

SHA512
ce7ceefc09ea31bffcb92c589f3b37241b752488b1ecf93208e10ee57b3be0fe8c5abd0554fde3699749b7444296641e55215a87ac96f468c4d7d3217aff817e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a0542514e884b2fced4d199a791327cb

SHA1
77af752dc1d0f62201cd8cfe8962caba74761250

SHA256
c33eb7c6283fb337c3ea274855b5832d5cf3ef82aefc2343134dde19f66dfa63

SHA512
9f53b50804195ff12f7a014320fa36e97164adce64d8322e28dcf92a5580a33db7ddd37ea52e631aea83ebaf5d39d2e1841c1de98bb3985cd30c243e373e6065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2b249468e13642f87a8f267de2d5707b

SHA1
155fffa69bba479af7305ec95b44973f4d09f889

SHA256
4e564aca1ea47a1a16cdcab96161ff7e28dbacf670d59b841474ff7f3be94844

SHA512
23a4649abcc45c789806afbbe9805ff525f31ed66d98777c1b110ae7a584457eb89073098522a64bf363ad6c67fbb887b87edbabc5347072092d406b60e207b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ec5f.TMP

Filesize
48B

MD5
14ca91faf643654e75a78299feaecd02

SHA1
dd9e1c074599b618cbd87eaf04aa065bd9b29daf

SHA256
778b9e3fc77e5255e9ef4f557b7aff9dcb28eeeb82732a1da42e0805af34bfda

SHA512
04aef6e3c4a7ffd586e17c0960b0581bf1a4785843dda09b098b42bbab1998d2dcab8cb5b8a7b6d0c7530675e61d22f117b25ce89d5748bb3354d88310aa6b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4dbb6fe88a2e0c21eca32afae70ee44a

SHA1
5a9ddb4943df2b708044fd07c0e173251f607a3f

SHA256
88079780770214add212879429687b788f342a32f4c8565b2ea86c6af7185ff8

SHA512
bad48dcca4766e53e017428f2cb164f6b9869d1024318b709f71636d91519d1a3a1b6625ad9893e35cc3a1ceb49a99479e5f721ff6b41317267dc77065a1898a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b32f3e65bd0bb4c81cba197f69c48958

SHA1
c91382fd1bdde853dc998532443ce569b8299493

SHA256
9835eb87e36599cb0163108a173b670729c089b100a3a0e021a56a235930019e

SHA512
a94b08a53de09df95b6c08bd06769037848758301e687ce9a5e7cfa068e00272aaa6a7d9db3e01993a537099f4cff202c4fb1adea35df225ef4a325fab98086b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c2fd.TMP

Filesize
536B

MD5
bd6b2daafa01220f2a8e3e1648080c9a

SHA1
7a56154368628482276bb74f5c2d71fbec8b5dda

SHA256
04648d7da817271f0bcfef6782794daf9b2730f4c37d2ce7c79edf697efa0ab4

SHA512
a84d206a30d77455cfe182812a7d5f46f583678f5b86d7c922205e203f487cede80450f885a54c3ea9c505215fd6cb647b887e0276ad186bdb70411268288594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\de5275f1-d672-492d-9c3a-327c865fbcd2.tmp

Filesize
9KB

MD5
ee1edbd6b66e34d6c6df468ea8854bd0

SHA1
64354ba95218bc410336ac76985c33d3bf47ca89

SHA256
778b6a764deefd2de1e0b15068789cf19c5fb2beaa92bef74079f8f0ff342c86

SHA512
6dc05247a0987a9fcc8da9fac9c74c7e0c83cfbac1fcc153cae3e60f680110bbf20ef983133b9c2453b690116a9dca454fb7eac1e264561a5d571ff90edcfb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
412afe90417553e391b5fcea30f5cf51

SHA1
bfdf57d4ac36271a2607a9771dcc05fc9f95ef5a

SHA256
e52e0dfb4e572a3fe5794905a516a9feda5b32589807dd9b817752a274e26f56

SHA512
69242b16f126f71b8ea2a98d07c99a0d9fc9a90ffe474dd1e3bd4aeb177d1e315702ed612188ce17a1b654666a03d78decca2718683794664091e3f5df755830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8c9f34492a59b0ec43c29f477ac30bea

SHA1
762a786edfbac1a6f36bf5aea26e0926f6f7949d

SHA256
d598707325744a7c75748446260c1f3ddbfa54eebdfc0f8f1d31fc5b3e41fae8

SHA512
759bfa87bc7b1d3e46d5705dfb82a69a762e63969b883396961f7dffb851a63d8455ee0d01fd7550951bb2f0b87064be4f7398e77ece645c523e88c8a7ce8c64

Download Submit
\??\pipe\LOCAL\crashpad_1792_QVSLSRRAUQUFQHBD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit