hxxps://ch[.]bing[.]com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=

Resubmissions

26/11/2024, 11:58

241126-n488cswpdm 8

26/11/2024, 11:53

26/11/2024, 11:37

26/11/2024, 11:30

26/11/2024, 09:55

Analysis

max time kernel
145s
max time network
152s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26/11/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected phishing page
phishing

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d9d9a134-3289-4ec3-bfe2-845508eb737f.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241126115828.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
564	msedge.exe
564	msedge.exe
3764	identity_helper.exe
3764	identity_helper.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 3880	564	msedge.exe	80
PID 564 wrote to memory of 3880	564	msedge.exe	80
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 2632	564	msedge.exe	81
PID 564 wrote to memory of 5024	564	msedge.exe	82
PID 564 wrote to memory of 5024	564	msedge.exe	82
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83
PID 564 wrote to memory of 1744	564	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd039246f8,0x7ffd03924708,0x7ffd03924718
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1880
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x140,0x120,0x144,0x7ff7af525460,0x7ff7af525470,0x7ff7af525480
    3⤵
    PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17466885397396271036,5051906897778253153,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d533e1f93a61b94eea29bf4313b0a8e

SHA1
96c1f0811d9e2fbf408e1b7186921b855fc891db

SHA256
ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3

SHA512
b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fccab8a2a3330ebd702a08d6cc6c1aee

SHA1
2d0ea7fa697cb1723d240ebf3c0781ce56273cf7

SHA256
fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712

SHA512
5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
30KB

MD5
f704ffc129bb25debd874a2e8f73b24c

SHA1
f82ebb8284790df8fa23f0b47ed5cc2b381f9349

SHA256
b0099bd84982bed886eae869ae47dfdbb1ca25791361a52d2fe07b6b4b850827

SHA512
1ddb97cd055932d74cc197ab96ade556b83ea9018e44413f0f8ce2c058f0fce92f45a6458cd6068dfe5e732aeb844d969ef9bd23356587f3a34b1eecc6bb7a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
16KB

MD5
a566a55ccb1759dcb8d495c270e563cd

SHA1
e06916c95dc44454d792c16abd5a163e3a8d888c

SHA256
950691a79630ab0c5ae6c8adf2712d394b235beb2db399a2730e003bee754a7a

SHA512
53a569ac4ef4bc4997c1cc01de55526f426fce43ed4be31da87cd0c3ed6096624ea305354b4d9aad2f0b8ede2b117cb79e1f249cbecd4bd17dc338599b557649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
27KB

MD5
6857c1f146c59668d764824d26ea0727

SHA1
63c2a8a5229e47fa924759a608cc40a3371b2f3d

SHA256
b796c48ec429e95481d081cf04bd7d9ef0ac461f96094da76e5982a76c4b9511

SHA512
e0b5b56c73dbff9beff7e85f7964cf4a275699ff49c8ac4216896944d9d446752447fadbe6f2242e944fbdd27d24b78e0c4f2f8fabd5644fe515b2ddc6820241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
cd3cc0179a62420db930dc722bf6c1f2

SHA1
ec583261d04870dd927aee14a3b79c8125bf8e63

SHA256
b303dfc200eec4a5e29b2a27e6a71f4677237ba53246b6ca73d487ddf2f8da1f

SHA512
321ff1d54de93ceab5b51a2eea0de94b94f453572a55d8a1ab681eb03cece45e8e8c17cc834ebc50b4344e3610b7f71adcc2bf3b7900c70ef989fbb21ca99a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
32KB

MD5
ca1fecce6707309176f85c5cfa4dd59c

SHA1
36aa2ee3465254ad7621601fe259246f799ff3ce

SHA256
338b7d0d6fce594b1911bf4962d34bc6b40b8a49506d474a5a676ba6cabeebaa

SHA512
53fbf3368874568f062842fdd2173e7e37b69cf3fdc87e88166a47a494beb07893d5502a9c6ab082e6dd697f7160b2ff58ff3927cac5a4b9e4bcacf7f087ad20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
16KB

MD5
d77d2ed3bd784a013d5eebe24a9f7971

SHA1
e3e6d582448549b2746dec93078c5aa927db3cb8

SHA256
4a0c871c51c581ac088bd9b20aff274bc02aa91e495fa45254a0ec47ff7b20e2

SHA512
7ee1602fa7580c0f58548dd740d486f351a61709aa9e462f37f5e7b6ddd97f0af6fd464e2ce35ccf0db46006158d1d3ffb93cb8e72965d490c6a124a58b02565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
24KB

MD5
8e34c1d369da5e09445268f0ddaf0fac

SHA1
d7256eece0c3cdc59e2c3e3e86bd2752d81dba20

SHA256
e56c7410e7cddb67de6aef4cb3e2cc07ba5d4d553f4c0b9383212fc658085bda

SHA512
9d6852aa83162fa66dc29281816cda0f3c24090f1d4ec2b9a1c4542e65be665ede19a4282413d5592733a388ffa4f4f8927d63ec47ec550a748182c2b40038c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
44KB

MD5
7228f9c3a8c50dd77d0bee0032db08a3

SHA1
918013402da48096677553e1e0aaddb73bae648c

SHA256
88eb1490ae64403203554e6af85fd278499f6938d756383fd60ca6773e859ecc

SHA512
67a607c0940b6809adadd5a6faf3b5008cff15ddf140da3c09d1c2e4eb07487e93a21528f3e391873bc4fb8c2c2f8b35ec5d34d741eceb69f9ad4fc704de7c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
27KB

MD5
26a9cbf688ef862b4d9c4cf723ae7fe1

SHA1
71e9c725f7a2b6608123ff3124aca5af34eb7c52

SHA256
fc03571dccc21c0de31c11e4e268627d3dc511df70cae3e95db6f71fcfc383f9

SHA512
e01999b9c778bc172f6f62e5f2479ca006fdc7e055e48c0bdb5d04040449a2e64c034425a1082a7b6c61aa22c4dbc9f0f699d2f207545865d4b92926d82bda9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
71KB

MD5
79ad6bd2fd8b53b2de1916e9a93b951c

SHA1
26df24f621a7e85a2c75db4ca161a3e9f1b4d530

SHA256
5f04b2251250ed8a8ef4cdfea43b659a324f8590cefa2a940f7dee62419bf604

SHA512
1ef832a8431748a504b623fc7a9a38d1eb6a45001bd98647ffa27947f6187094cb8cea44c62f34f70615260b8501a1db8aef1b4221da481a6b6af9b458ab029e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
18KB

MD5
3fce036ca3e9c1473a33c68344a26a47

SHA1
8223cd0e35bc9a891f5bf4ff7cba649904af630f

SHA256
691871908e332698b624b4d7ed952ea817c7b998397b2231e350ba5eb5b56b9c

SHA512
8954a061b0ba4d320604a1c038c07baeb254e8c29bf24eef65266255db8b9ba42425f1670ed1b123ec42298430367e78b259644b516539200e890d1d325cca10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
18KB

MD5
ad301031ab88da697205f6634ddf24cc

SHA1
f9c76e1d709a15a3c7691b516478c07438e900ad

SHA256
71a55f71bd833bd4d8a6aa5a13fadd419095fa90b0e62bf618e80d0eca83dfe1

SHA512
4d8ccf8652e664f21460f7dfb7095c2c720842e7392ca95c749beba1348fa11463846e6f5ee9d5ef517675c48ff35dc6cad89cac0e49c389bfd7077dfdfaae53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
1.3MB

MD5
4b384c6bb4c59546181168f0ce55cc58

SHA1
dc514a4069a2b68ebf6c8f96b77ae2667ade37cc

SHA256
d143a2f4cecea25dd9f5f756cda44ef62927c3cecba342319d520e6e43c66fde

SHA512
49b13e1ac5a8c0d8f082694d77b6955d714e4a196a00865751674281e91127b3c47e3be6fae4ef748a85c17e6887731ec21388db84992d583cb7be4a776bf107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
4f200366d6d1f3b740421385482b55a6

SHA1
6600efa17e4cf545d9351cc1c860748c600dc727

SHA256
b42af2e0d3f6a268ad641cfd064dbdc65c2d63c5f76e1abe8de04a3e362326a4

SHA512
280ec053fc609818be405982b6fd893cba92e56354bfcb289997bd6445a6922d2f3f509b1cc9c273f9bdb12f96dc931aa459405bc9aa401ede079b33e94dddc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
defe9a49964bcef47fa4f2f26ef2ed4b

SHA1
52ebc6d232fd36a5acd1d754b279a9e0ee9a1336

SHA256
3faa29c9c01916d3835fa2db1bc3a718b06000480c2e4182f882baa0ca0a0c27

SHA512
8e8f7230ac47bf907f32e83071df265e861bf06442db30e8e4381bcc8ebcf7ace443b925e4dff4edf7dd75121270ed0d837d73bd6c0c820ef3379d5a6f576f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
04432f1660c35cb7763562f85e8aae01

SHA1
a85617ea654c2c479a2851d4c657abca062a7659

SHA256
adafec5abd0d418b33fee0e9bfd647e3320666a536a547de8be9118f1d4136d5

SHA512
34bf1d2a77e81f000ce942422aef5753eceafd1a72044a09435740a4ac0d4dd21dbeba5b864f583dd8ddf0474b02e7b99a1ffa715c6f40cb5ddd6645d76c8ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7e6f292386e55110dc4de05016ee4706

SHA1
c524d85f19b8e7f05365e78e765cf0e372ffee7d

SHA256
e63f8905c50de209f6578f114b01fe209762af35e994361135bcab4736b76f31

SHA512
d07b49e7001de29e473ffa2733f5cd7e6a5a15120ace644f712c907e28278bf976df18fa5a5f2a134ae2ca6ca2cbd7f0864ca273111fe572fcb24a16cf8fbfe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72956954b4f8bcb572af99c64e00c5ef

SHA1
a6e032755ee2e6e6c1e4184ede6068758838c435

SHA256
3a0e2036182271f0688d67dd86b85d78dcaae90461d5d4c9ca0ebb3ace3846f9

SHA512
b3862abca7b522c606fcb83678f8e098e44a1701924e9db5fea245706034499940a1a5cdd146369d7c4c14bdbc0e6b9fa59c374c89e27e8f28e9bb3e20fd5f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4b42ddca02709ff237147a9670b56d8

SHA1
1495704acd6db5c177b38c0b3c6027f4021dfa55

SHA256
c86a253fd70ecbfba0366c9ac0aa235dcb7bd146d12ed6967ed9db1f9590b817

SHA512
261794c79f922dc351f429b2fba761b6ccbf268070d0a978fa18d2ed12b9d4139a4793261dcd37e412e42dad2b4e6601a020cc48d90fda8766dfd18541be0127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
38d681a5f2ae209f3fb681675233887f

SHA1
b1b13c926200823b49df976be8caffc81c266832

SHA256
2c4888c7a9f99c17b212dac18daa9ee87f263705644001798cbf4550faa910a2

SHA512
cc710720f5431f23db97625663bbdfc531ab85026c5f312339d93a251b7cc120c6706bbb5615cba22f2124132f2a464502e22ff3d61dbf7cf06f887a8172ce50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
98f36b78720cbf566ab27e35b14dd418

SHA1
585a4314dd10cfa5dbc88fa2219b5f38eeaa0fdc

SHA256
14f96ccb51fa19a104b2313b7c3ed3bb0a881326080a71379e52eaf4d647ec3b

SHA512
357373537aa1d0d838d98a5c330d7c85ebbd3ba540a5d974cdabe930fbb08b021c76e044006051c831b10aa44ece45e08c070431256929906045f2904fa0e3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ceb85f54546120b8a4b9cede3c4f48a5

SHA1
d8391d196846bba7eca01eb6d949e0dce668b47c

SHA256
13c03b57f9599ce3b0286a8af550eeb7ced3bffbcbebe15484612465491340ad

SHA512
2aaab51d1134ef94a807d31fa146b8d149a8f10822969a497dc8ca3be1169159dec78a9ffef0b24c219c18fba3b0d17e9a5d4c7b96824137623b0466aa6d10ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2aabb383f67aebec350a743653a09efc

SHA1
bc8e1c855a7ef0a5d6a19ec67e0ad4e72536e9d1

SHA256
a7f055bc2705eaf6d150d6ef1d969395d0c8f1db827399db72bb670e638b1cb8

SHA512
d2581c0cd790d1472d38a7364a4de8fd1d8f4c7db8dafc4c2e6d0ca9ebf758fc4f781ec79fd394df3ebfefc0fe783116c1a5b5934c38be3c0ad93aabb6f8acfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aec0747dd65e776c43550654f6eebdd1

SHA1
fe689b332eaff1814eaedd1b0b8cf6a965d9f3e1

SHA256
d5a7c03a19131685e339c479f5a608f925894149574b515c3ed053c8731d86a3

SHA512
14d25ec74b10262716a575c6a7ed756e88630db522df50328b47aaef87304463579f7d0d15f00d6359351feee74d849ba48947c03caff0a9ae66dc93126e1196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ec09c7cbd7cb0b8a777b3a9e2a1892e

SHA1
3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd

SHA256
a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e

SHA512
5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ed659b1d7a51e558246bd24f62fff931

SHA1
84685d6f04379c290e4261ff04e9e1879d54d42c

SHA256
23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690

SHA512
1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2116259e3c57224f7db027a994221935

SHA1
c5c0125750cceb6088b64bdc4be019acdee5d3c4

SHA256
80595d20b05f5c4764cbdcb39880c2f1a2482bec391b1205241a52b2a286276d

SHA512
a09aee86a3b4e9e3d67a017fd88ef947ec1b209bc277462ba5d867458695e85e8f069da4c31c3e4dc7bdce5dec3c300878c218edf1e9215e2e5f67044cdbf44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
e66e8937449c5b27f5ae0096625a6fac

SHA1
15ab3f6b6974c9a567aa78f45737acca8deb5327

SHA256
13fc41a955ce4434084c14be87e21781fb5cce68644fa781d84c4846586b8c26

SHA512
31fd4df82d69c0244cd6cb30e8c95a58496cbcef8cc5deaca8b0c64cbc64560fd504b326a8d11f36870afd6f2ca487329192a3b6496e22c383ee4a1321c51bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
289eafd1679370ae8fb082468a46bb41

SHA1
9696682c6394c0e24e1a62b846f21d9a67eee0da

SHA256
23e64b71f5e4444cf49ace084175404d9122850b03ac3b51a1f82e418da93498

SHA512
7e6816284a8c9cb11f6ee8e0ffcbf647dfdfc08aade03249630ecbfc8ef59049067f6e9efdf4370d0d2d4d296ef6f9dd6143d859307bc2df3d22b47ab3397003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb701d7ce56daab63ae8a54b610996d0

SHA1
52336eedd9aac9ce0676fb83877e7571ead3865f

SHA256
682b5496ece1a6466aa4dd7d32ac31ebbb546e7af81a628da7fc6958c4954353

SHA512
2e1bd4fb564abf9d405c526985ebc81e8ef06dead5cce7a80c142f6a5a6add08201a48e56bbf939329d8a6e280c684be99ce84658fd3300d4b6f0cf37648cb6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b6b29ebbfb2f5458b9cd83b678c7ea5

SHA1
1bcb2b69fbdf801849bddce6176de0a62afc3143

SHA256
af94af3b002f7b4eb9c15ffaf82bfa590df66e97a6cf8171dba8ac97158ae7cb

SHA512
2071668e9fafb7dc406d4ee625323f8792dbad1071cb3d2a63f8b0878da8515d876af3ba7fe0eb81c8093be7ec0eee099e9f98263b25b4caf6638bb2667e63b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
35e64caaff61790e8bdac0acfc182f8f

SHA1
7f74bfaf207cfe0af193f120e4f36a77cc9a092b

SHA256
dda66705d666f76374b0c6cedc0f74d108b367113884dbc09815b6c18e52a199

SHA512
f7349bc324b638f9c1c3b1135e4d23fd97e40a65a8bab5ce45e260bd46583a95016a3ee4c35d71e891ed754dd78b6bfe1413402db3cc17b9cfea7a35951feda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
136ef0650303bb75d6eac0c85b1cfd76

SHA1
bdb19bc5c5e824126ae7eb001405c8cf05f2b077

SHA256
e80e5b44cfc4fdac8b8774b7636a60a0f88556e6726af44cd87ed50717de5a5b

SHA512
ed5399f6470d7fa3e481375839c6603bc9b80abb8098230ba36df5f8b420c51b368ae35da8e9227012885553298efd581ee9d8cb542d6d84821ea8015853e37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5802f9.TMP

Filesize
204B

MD5
2e00e0adcbc5a9a6600865d8b6ae4d83

SHA1
766c2919bc90532617eb25ea87d6a3c097c353ea

SHA256
f9209e434109bbc476a32ee0ee2717e7f4f60bcc1ab590b23575a1540159abdc

SHA512
42fb093d283c846cadbe39b6efe30fc1efdbd54b9e1dc118510c42b0befe55ab75d2622ea47aa4bd8799c5b6f5cac87b642e3fd22b47167d70989a07d960fec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3b5988bafcdec0f4de47bc2ae1278aa1

SHA1
69a07ec0dfe2d7c75ac964c18aedf5682b0ecf75

SHA256
f03ea5e2ed369d7a3908391835415f1373ad2f9bdc57ae26a5045609b610b2ea

SHA512
ed3700ae34ef19c573a21642634b7ae89edf49758935400ae71915d7f1a1ca82818a480e1784d0a796c89209a58a5b4689ff222648eed668429a3b7427c36382

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
60109223cbe417ae965abf5c64b2b2ee

SHA1
dc229d486577226728169b3a697054f0e934e009

SHA256
e7e086bd2522f64b70b740405dd878b56e4f3f41acf5b0672584796fd95580ed

SHA512
978e966037d87751ba0d89d1f7033e1f2349537e79048ad31b64abd4ecab265227285a407660ae66f8511400a291674ffdcaae7422aaf9bc4562072b2f96056a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
5a9bd16657f34ad89cff30b58a865bd1

SHA1
d1dc244dbe5da4614e09115c0069abeba7cbd2ae

SHA256
f1bbf475431f09d3f1fed8df3955a5840a5c3a92ae109b45595c6201e9f6445b

SHA512
27d31bed351d1ceff9459f9c7b1646d5d59f9f1522b4614bf57001a3fe71d3de310dce0c79ed43f22b714d38db5bc8b74e95f9d18758bfc2e7c40bad7d88e4dc

Download Submit