hxxps://public-eur[.]mkt[.]dynamics[.]com/api/orgs/88a21dbe-0cab-ef11-b8e4-000d3ab73076/r/ITDpQP9xc0mGhZTOns8zcwIAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fescclim-my[.]sharepoint[.]com%252F%253Ao%253A%252Fg%252Fpersonal%252Ftech_esc_esc-clim_com%252FEhAtf79h6jhPmHVrOq0G3zQBcIqaUIUgKKgPrxeGvockQA%253Fe%253D4LkyBM%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%220%22%3Anull%7D%7D&digest=w8KszEUMxRXpc4kyRepudGYpxF6dCJlj%2BwOvs5Es14I%3D&secretVersion=7c13c22c20aa46a1b2fc8b71fde4d19a

Analysis

max time kernel
198s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://public-eur.mkt.dynamics.com/api/orgs/88a21dbe-0cab-ef11-b8e4-000d3ab73076/r/ITDpQP9xc0mGhZTOns8zcwIAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fescclim-my.sharepoint.com%252F%253Ao%253A%252Fg%252Fpersonal%252Ftech_esc_esc-clim_com%252FEhAtf79h6jhPmHVrOq0G3zQBcIqaUIUgKKgPrxeGvockQA%253Fe%253D4LkyBM%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%220%22%3Anull%7D%7D&digest=w8KszEUMxRXpc4kyRepudGYpxF6dCJlj%2BwOvs5Es14I%3D&secretVersion=7c13c22c20aa46a1b2fc8b71fde4d19a

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
2040	msedge.exe
2040	msedge.exe
960	identity_helper.exe
960	identity_helper.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 4388	2040	msedge.exe	84
PID 2040 wrote to memory of 4388	2040	msedge.exe	84
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 116	2040	msedge.exe	85
PID 2040 wrote to memory of 1880	2040	msedge.exe	86
PID 2040 wrote to memory of 1880	2040	msedge.exe	86
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87
PID 2040 wrote to memory of 4520	2040	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://public-eur.mkt.dynamics.com/api/orgs/88a21dbe-0cab-ef11-b8e4-000d3ab73076/r/ITDpQP9xc0mGhZTOns8zcwIAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fescclim-my.sharepoint.com%252F%253Ao%253A%252Fg%252Fpersonal%252Ftech_esc_esc-clim_com%252FEhAtf79h6jhPmHVrOq0G3zQBcIqaUIUgKKgPrxeGvockQA%253Fe%253D4LkyBM%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%220%22%3Anull%7D%7D&digest=w8KszEUMxRXpc4kyRepudGYpxF6dCJlj%2BwOvs5Es14I%3D&secretVersion=7c13c22c20aa46a1b2fc8b71fde4d19a
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff267146f8,0x7fff26714708,0x7fff26714718
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,13303728786145630160,5705870274146503448,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
52KB

MD5
bda2a0473abd410d22ab7b41a8612201

SHA1
b1bacd1d3a42d5007db5aae1b9e2461b4b8c9aa2

SHA256
ea655b522e0136e3abba4295bb06ff03233dce6fbe9dc2081eabd73c31cbd1cb

SHA512
c209cc890c824a8403dd279ff0564cf4741d1fb42e2a7bd5edfe9014f1586baedf5ec69e2bd7c3163edb785bbef5c6a42b179e665e91d9fbe44e4946e30e167b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
21KB

MD5
942e2ba31d132bbe2486ff1e36883a86

SHA1
bcf42c590a69f66c3a2dfad64842e44913b69778

SHA256
c592232c7a1dc346f52af20881107d4f337fc6ebb50cf671c03a3fd01f64da83

SHA512
5f52f31e1882e074500897243b4ba1413758fdcf535f47fe9ecafa15436c68195477f51cd3469dad4d8ffc391c30e6e966280c088d4b7a5c50736ce85b157caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
22KB

MD5
9196e81f8ed7f223d765423c1f9bc8a7

SHA1
88f9d5c2a6908cf36b8daae803578ca9e1fd2929

SHA256
a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe

SHA512
e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083

Filesize
35KB

MD5
5009982b60a0f93eac4c1728e5ca17e2

SHA1
c0f932d333b91a4b971a52ce88bc96320745064f

SHA256
2ffc0ec332938cbce14008ab246c3d918800189aece932e92bedd8adb8332fe8

SHA512
401dd0a45c177130628787b92a17642783d27b1a977833af4110d81cbf2572a159a371beb473baa07ad38ac8297551aadadd2ebb80401a73acd580fdc03964aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
79KB

MD5
e51f388b62281af5b4a9193cce419941

SHA1
364f3d737462b7fd063107fe2c580fdb9781a45a

SHA256
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

SHA512
1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
40KB

MD5
b786554392ab690a37b2fc6c5af02b05

SHA1
e7347fa27240868174f080d1c5ab177feca6bd84

SHA256
ebe47cc89c62447316148809bda9095bd07bd5392a99ab4b8ac8b9f6764cda51

SHA512
b71cdb76464a775fca909cabd0a7435c34de3ee4e19c40f5bebba6415295f0be2f82532a2ecda043c787ea4e8c23fd4e582a4d4322923fdf603a56e3fcb8b567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bd

Filesize
78KB

MD5
39ee528edab707e548ebbb57221617e1

SHA1
5daacfd736cfbe9aca6b86da276001feddef5f6e

SHA256
f2af87645739ace53207cc80411fffdb7ee77cb0fa63616a77440fa2e3d82086

SHA512
149775db7e342a72a0da0d1e06cec818557ee111058d3bb423bc009ee7e20be5859a198fe01fc367c64437300207ac90cff1628f0df3766c739ce96b9c861e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f006a0fcb3e51ed40a30a5728503e41c

SHA1
2c99c0b11aaa00369779260589a3e993761646d1

SHA256
5bc98fb70f2885293d96aa819b2958d273daa3a4f56d234c3760c581f40ba19b

SHA512
bdfab992560749bff2f34d5207deabf2b068d9a597941e136f119e8a9da576082f3f75101358540138e13193fdb44eb25565ade323abb3c670313dd1020c5718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
86d3d179f9cc7b5d398666cbde906328

SHA1
e10c2e7a647ab47103e94a3fd762334395c2d94c

SHA256
a14e1d9be26c0b8cf074929f03488469094416a12a650c554ac0215c551c08db

SHA512
1374d38c6b3630f4e873b8da6d26d1f984a3f6d6ae18c4a4a70b9dbbe854befc49189ebe8265110f08f20361c733382e96210d78eadcf4642ed475b063abb983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
a15ebab57ba7c02b08abc059138a45ab

SHA1
128e6cd9502f10bac3d7c0f6399ff08bf71bae70

SHA256
58586daedd7986ed5b037e7c0e326fb3783900f0da54ad6d3fa346e679b5a0d7

SHA512
5a5f7c6ae50f7b84bcdd955bbe024a70fd66755d76e07241794905473b607bb95a1a808a085d85ef34498942862325cf7e1413bfa35ce7a3d1be4f03c028dda2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
349B

MD5
2673d6f09fe5f4e8e1528a52869e3402

SHA1
71dc40d0b62294b684d3e0a33b789decbb502c1f

SHA256
3c96b96dc863770513d512fd425210b234ebf1c57b623b69dbee94425faa5a98

SHA512
09ca56b9e4e1671d2c8e295a4560b57dab6e904c5a3f679c4d5ac3f82d98e86fe418e33779def5f25930fa763d2222dfd3d62be5e6029caffbed4b0df6c2adf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d27ce157830c61bc1ab6d7d0ef6ff2ec

SHA1
eb54e22432024821f724f34fa906d7fc3402673a

SHA256
a51bdfa46461c72c35f45deccc9c75d9021c099e523cf8c9a2f64ad2fc9997fe

SHA512
e7cd6b47a168a6fc2bdd44f4d0b9de62c22859f39e3a2dc5ed6af1535ed2621a621cadb1248b5e2f83e6c9f50306118932114390d8d281f6b72d90fed5ad3d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a0eb20c776d9fecb5dc94ccae3bd90f3

SHA1
ce79fd1d77fc4382623ea751fde9ac7b58ff7765

SHA256
b6fad7265090b31513ccbf8996a0840f1e9289b71a3ed3648581f21866a734fb

SHA512
ef6aaa1f2fbd7e9c5400f463f8c3048df3756f0cea0213b818956b16fff63fb07f29d09dea2a854738deaf7aceaaeb9bc0a8dcb4310e102626a3a93afe782a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5e922fbf072ac689ab5312414f19ecd9

SHA1
977ed035388d59c775df2db388429aac7eb3c977

SHA256
2ae4524d3656d5844d4c0b0c0beffb07f8633a2f1e3e8183710df44a844d2447

SHA512
9267487426a32a23f50f65182e2e2725831c87321be7484a5fedfad1f010fa29294cc591803fffa5a42389ac8f273b326ff9c9ec48f51de33d61c68779897c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
698a636f2233720b6f0e37839a921cb1

SHA1
776e00b783e35ecc55df204a0a5ae0117d286b43

SHA256
68395b322617f00d72fe511a35d687446870b3bca43ec03adb60e68510a35c60

SHA512
5a6c86ea7cb2316fc7fb13be721df1b9134a16d1e0fa2b8cf5876cc4d230e077e63f85482bf0a223bc4f2ee2eef0f0013508b3d3d4f670acdbc3b459581d6d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a4e5938978ff7d3b984e1e288ce4a36e

SHA1
17b10dff394060cb414b28fa11f06050866dbd41

SHA256
0245f2a588ed4de2cdb4a4ca699f765de9358a3521bab276d14e3b4c3f792305

SHA512
9cd0097491305c0ce0e5da6f5e6c0a84b3e01736a95d3f88a287e9c0dc5677ffc47e1bf820d06dd70613544972f4ed80c0995de360deeb88b106e1317cb87ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9b3442932cf024facde627f51aa0521d

SHA1
7df0fb909cfe9689ec4c92e417b509e91817d254

SHA256
49ecf8ccb6acdc0198bdd69faf9fcc95c3ae2c7e805488655a0fb4ef7f9a284f

SHA512
76b17078f95998a8d88ce2967c3363d1ce1d813a9c6f968f56e5500792ca2630c1b9ce126baab773b46d31077ec61767969dd320149f6c2e1a6445d673b24444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bb35477d8ce2f3b32e6fec7d87ad26f4

SHA1
e515a520934836a505ee9bb5b22bd59a64ea12a4

SHA256
159f906f09eff5014b24c9fc1f6f053c466a9340c73f752ed6e65f9e42c4b34f

SHA512
3427c573b7935170d81c7af5109dc83d83962e4b3ec2a77055c4f85fd1459c0f1cf0d888b30131a25676d21f64dbaa3cda4fb1292dff1e6b8c8091a892fa8940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c604ced8cd9050b597b423a9ed1c7a30

SHA1
4c18e2bcd386b3d651266f325267f66bea397b01

SHA256
60cbbe865b3574b06adab3ae32d820e86d659537b725d695cb894745afc3f7d7

SHA512
87292bcba12af2e51d580df1af86c8dfdb857947d280acabad21dbc09d7b2ce18b625bd0184e3b7c61c381d0f4c9b514b2860ab0985086c37e27a1626c0cd0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a4759d1e78df175871e1a4b32070774

SHA1
6f6f4b349bf71aba23b9ad297138874bb0fc22e2

SHA256
309d332d609580cef728481f49fa15337ed1b8de341b2a369070a66fea026952

SHA512
6570023fa21e8fd29b6f105dfe3c3b23387e49acbd49cd4b61f98865591ca4bca7441d1ed0c7128566d536f1e2922714a3cfb55bab3ecda03e2ce02330924a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\94004970-8c95-48cd-9a73-79b67b3a0731\index-dir\the-real-index

Filesize
18KB

MD5
a2b2ebd14afb445840fcd40c9a7cb628

SHA1
6705c3984d4b8dc97c9614ac779552fe4a8370f8

SHA256
fde502e75ba90e6bb940a2ca9d941344c9c13f594ad0519d9ae4b9b11cee917f

SHA512
13c86c2b4d6c11f7ba88dc76ca43763b07bf15dc9b02314d8598716c9deacc19812b3fda9de9181b0c7bb80b03322a7ff2f0592aeb243610185d00a2ef037dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\94004970-8c95-48cd-9a73-79b67b3a0731\index-dir\the-real-index~RFe599800.TMP

Filesize
48B

MD5
fae406417f4731e3cc3715d0b343677b

SHA1
5fab427a1bdf32e3aed9be7a6c81e56e79d1cc0a

SHA256
1ae839f17b51bab1ea1b3ae38cd143f3f2071e0db69f44b0a5c0fb7be069beea

SHA512
3e3c3f01f27c09c69603bb49d87fc8a0cca0ce435c3c975aab21e3cc9bb312f6ebb3767ae1a591d63791b1a4fdb02790944a3d9ba6b5d718d1c4f88227f256ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
228B

MD5
a02aa7c84e2410750b6933ab385d66c3

SHA1
19211460027c3f1faca624d560a408b66c9a1a30

SHA256
fef1037f8624a7969bfda4166814560abaec1e860ecbf95aafabb83cdd57eb6f

SHA512
8fc9281e33d5ede085a16d66289c971b1373f09b7d7b4e2fff5130327fcff87797aaad6bf75c3cdc3bc0179270bf07ac9bc1506834dbddf68b9fa8327f76ac8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
231B

MD5
43402968d11e04a789a6c5940c731a4d

SHA1
dcedadbe3e9c22bb58a82076b06282eea147371b

SHA256
bb2bdfff43c122af889f252538becef36f7c778717e18b115a6d6861e8a0d111

SHA512
fad4a65c0532fa8f3e6c04a3b00d06e4a59f02a1f9bfa7c68dbc394260cbf71abe9a9030e7ef6f9475494f5f34dc7c2b63302f18054e503db5b18e68a4d10916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt~RFe59136f.TMP

Filesize
235B

MD5
9121531771d5fd9e02dd24ce6969412a

SHA1
6756a586f8d089ea2088d4b856ba5d9f88c64421

SHA256
d0570e115be4514d6562cb28ff22627861ed1470b6c8ff5dfb82e08b0030d6d9

SHA512
ff1370073f476ce9c50d61c0a4fc4afde7d90835d9c2e19d402be3f481310288ba228889be5633860aa84dd4e8a7170625a134539688362c62f75f4dfe54da5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
06e2073dbc29ebf0f387be9e14d0fefd

SHA1
a53e189109558d581f9ae8bf3bd4a023d5aaaed5

SHA256
e40a490ad847090b936384fcf890488e60ed037febb1a7806d6a3234f255f43c

SHA512
1d51be48abc618f52f0f5a2a2920af0fa36051630a400ef17d8131776a028e304d922a2f30f09148fb9ce6788be7424cfb79c1e267770819820cffa1c6916de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe591340.TMP

Filesize
48B

MD5
7c346a91b0f2412d856691343a79a02f

SHA1
9d9eb228fe44228b4a0ff42a5d5bcd1cfca20ad6

SHA256
161a675a264b91219241e8c300fa29f8cedf3d12c7a35a3d54f4869d3a478d4d

SHA512
b54d65c454a1e02bef5da576050d1664a6f2a16f8ab7b827ba288cac2dd29bde15e2d2b8aa10686aa8607100eb9a5427d46e61182ddfa374945604e80a1a5c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a62171e6a4cc4ab1ca705ffad0852244

SHA1
2cf02b13cbab93802577d05b47455c0ca11184b2

SHA256
da21ced8cec80e40c5120629b252618303da6b8793d7b3dc733599b2650eb538

SHA512
21e02599808ce6cf54758aaadd63da1ff1361d4b22d04ca085dcf84bc55c737e3039bfb2df85c1fc4a423e2003ca5725fd5f43e37c6787f65f992668325156a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
54b8f6c8026170de867baa4e21adb31a

SHA1
783284a1bbf4b9f592019334ba88e4de04c3c325

SHA256
9ccbbfeb6bbe718c5baa1b2cb598c0602b9d5a76215f34fbcae10106f5e0b69c

SHA512
ba5013ac3d4582e22338b37e172940d0ff7824d986429ccdf2d54fbc6eb8ea6841d3e15811610b893e50c12aa069bd2d45074d6b0d75bfcc1dfe737f2557190a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3b585f8d3049a437d48f5d8dda81aaf8

SHA1
219158e1d925e6bf4c7298402258b5fb3e72657e

SHA256
8cabd8053cd5ab114ee0e9d16fa587ea6e178ce34b00c7ef66969fbbc11d5e8f

SHA512
e2af9c9216b6eea8ca8b976b081b74fd2f3245611f33e8eabaa48f44d6d269c7e9c06dce3a300771eb76beeb4747d3861af24426f27e1f232bc0727e987c593c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3ebb9f3a931c7b3cb60cdcba14d5541a

SHA1
f50802b03f776116f052bd638ada8a329aaa749c

SHA256
3739dc6046b750085dbbc33c8242d0474611ed951b2dfe41fa868546d5d863ec

SHA512
ebf4a6eb0e002b195ffecc215d19cd7d96aa4e256a84e6295841756052d737413cde53ca3a387b39234aec908a2ca9796c67f0354b163a60748d8f58e46e8563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
01b8f66709d6e546308a23b65f162d6a

SHA1
3b4f1c3229d06725c6acc08789b32df442ac7a05

SHA256
2dd89fe30868fc44c735ce18e10ebebcbf3b906c314345baf7d65fba0d34d378

SHA512
acbfb008f7c35b86a4340dc9714e6672791689d425e963ddfd19cf6887dc375c1641eed3a4d371d9f062650d5770963f1c1d6095ff2bcdd47efc753ae8513c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c2144b25dd59c4f70087011902ad47fc

SHA1
d364e8127c154cbb805e3939cf8784c070af4962

SHA256
9fa2593413e885363bed9797458a08bb2b5801cb6efb243bc852f4bdbce2e06a

SHA512
e72affaa9344b1dc62d06d1e4d1f2bf76d40143aa257189126fab6b7dded7cdc9149b13a2c1c65cbb5096f3d943cac55008370557567f2e1e745750730dbde5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f98782a60f2e01a112223f2a76fa0550

SHA1
5d6f2bbe08ec9c5ad7eb0fbbf9dc0ad9292a7d88

SHA256
19ce6126092f0c1b6f0f6d6e95157b9b0fce972366e0ef6dec48b94f966606e4

SHA512
7959ce5d7a74a046ee01c207978d4cf96ece7672582773ffd5a4afd0e0f33a39db8eade0be5df727d8dfe124e08f754184a55248ba8cc2b498edc5486b355485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0f157d1c3cc75a1628f5ce7f66bc80bf

SHA1
5d6332388ce0fb783fb2b21cbaa6de71cd4c191b

SHA256
cd7e610bcf9e7f8d3feb6bcee69254aeeafb2f7d2f37df677f84fc15d3a0e9b9

SHA512
c3a02cebab013084ee0ff2a2ab98bb5a87e781fa67f70ca49d5fdb4d9bc67dd4921a050ef7906aca5e85b471a967a6ab872c8b5127316143f726e3ad58ab99e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
902333067192e67582fae1c4d1dc7025

SHA1
6d9d5cf06947aa96426972eb8f564132aa3c9068

SHA256
48b3641743bb8d2168dfe282587795989e023679925bf3033133a528b3506560

SHA512
b37a9551dea88b557b06e77b714dc11f25d96e2eae3ba7fd7a0a41ed50fb22405494c5e469c95357acefabad222a1abef2a16e1fe7f7802fc6b905362c04202f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
30161e58cb69904b92834db649ffabd4

SHA1
64d80d529269459d6796d00545ab6aa1e1464cdf

SHA256
06d3dcd225931b3bdcbc07cab652851d28be86685f847020499ae00e73cdeaa1

SHA512
809678975e3e14ec69aca8dda26e4fae544b46056b9ef1cc087ad316b7852c78d86a63303c7f263c25cce0ffe6777ca10658c59da111a9e3c4d10ae5a5715418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
77b1f7f0d91af14941c4c0e6e1f28bfd

SHA1
dbccd98649ea9e4af8e0283644b9f94980179f8c

SHA256
7da2e280c385843089b0fc0bf67f65093a150ed34334e0dfd7414cfb450bd0a4

SHA512
0cbc3dbba317603f127a1f4c0ef97ef29148067ceecda86071c207848c600758329b894ccdd93ccae0a249c5eda6cd291b30de8477b6b30cfb84db51a0374239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c06d3ca48d64b9004c71920b6a2edd27

SHA1
c6e8b1b3b8972ebd85a1dd4893aa31b956e72739

SHA256
1eafdb3abbf7c7792763d66fb595b3d861b6d79f7d6ba7cebfb5750b1cb6ae1d

SHA512
fe4075e4ff5feeb0c31f76d3da39e9e06ecbef1de72848f757bac3da507e157cdae260d4bd1cb6f53ca53684a616ffb39b72fb8cfe85a8229b3d400a0f16ab7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ecc1.TMP

Filesize
2KB

MD5
c763a4340af0f56482bd9aa4624a6577

SHA1
f710a7dd40b4344bcd15ed01101ce886c4975125

SHA256
b44387991a8b575472f547f8136c3bb0c83aca893ae3ce199bff37c3f2572609

SHA512
e5cad80536fa5eb88cc23fc20b9026d21470b5813d33c8f609686e8d464ae30c378e265358d54f5f24e6b662227c40387963a7732a315584d14de66c79ced7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6d95a2acc2dbaab27dc4d733b8876ed5

SHA1
148e9ee1a32375b1848c810eedffd0778c925f8c

SHA256
4e68b6d7816c9f4dd87cdcbb0ca151929c82c169339ec0894f648e064447bccc

SHA512
d4ed0b808cb389aa4ec64c26d21c16bc144806e22f02c5eb3f1ece24f38e3e912f09d08d1e9cf86485385de236f7181ad61c86be0586d8c4d40b80170d53fe5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit