hxxps://ch[.]bing[.]com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=

Resubmissions

26-11-2024 11:58

241126-n488cswpdm 8

26-11-2024 11:53

26-11-2024 11:37

26-11-2024 11:30

26-11-2024 09:55

Analysis

max time kernel
236s
max time network
230s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-11-2024 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Detected phishing page
phishing

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0cb7c715-4547-48b4-972b-539b9437947d.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241126113750.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
4500	msedge.exe
4500	msedge.exe
3812	identity_helper.exe
3812	identity_helper.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 2156	4500	msedge.exe	80
PID 4500 wrote to memory of 2156	4500	msedge.exe	80
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 4840	4500	msedge.exe	81
PID 4500 wrote to memory of 3544	4500	msedge.exe	82
PID 4500 wrote to memory of 3544	4500	msedge.exe	82
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83
PID 4500 wrote to memory of 5348	4500	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff846ea46f8,0x7ff846ea4708,0x7ff846ea4718
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:416
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7b96f5460,0x7ff7b96f5470,0x7ff7b96f5480
    3⤵
    PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15827781847023779028,3682377088855148167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2905b2a304443857a2afa4fc0b12fa24

SHA1
6266f131d70f5555e996420f20fa99c425074ec3

SHA256
5298bdb27d48c2c2b5e67bdd435445ef5b06d9b36c11394705b413ff3d0f51f3

SHA512
df85de0c817350d8ca3346def1db8653aaee51705822b4c4484c97e7d31282a2936fa516d68c298dcbbb293b044aa7101b3de0c7852c26e98ac6c91415162b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5391bd7b113cd90892553d8e903382f

SHA1
2a164e328c5ce2fc41f3225c65ec7e88c8be68a5

SHA256
fd9710650fc6774ce452b01fb37799cd64d3cdc282ac693e918e38322349fe79

SHA512
41957bea3e09c2f69487592df334edc6e3e6de3ab71beb64d9b6d9ce015e02a801b4215344d5d99765abe8ab2396394ac4664fced9f871204453a79463cc7825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8ba49093-b27d-47c3-9cfb-22218a10b89b.tmp

Filesize
5KB

MD5
3abcdc98d7e635240a2406f892f99ef1

SHA1
fc6c7d74a5ad9adced5faba820f198c2896b98cc

SHA256
eb87ad7bc6cd3c89864ee99c13c2801e678f783398a60ac95148adef9911e1dd

SHA512
efb64f5560cbd3c30a8054e3a00c35fe9e2242eaf8d55e59f34975273109010cc806c44274f67ec24c6c75022ea4adb8c52492517d68b64c29c2c0a1c6b2d7b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
45KB

MD5
750742b5bf36a17ce19556504179d864

SHA1
2b7faef1f0ac31076883ea54f50b02e4ea777ebf

SHA256
c01600707a5c82bc3b123e04505d57057147edca4dc97b75e8aadc10a0c7c6a2

SHA512
cae0a34d0c44a047d6fec5b2f1ca1f5c722cfb16ca94b12d6c089c361f2d1532b1aff73ce4df67ec56e3da6878a82a0355f73aa6904c303247f41ea79195f5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
239KB

MD5
40d5472f5056ee3ed375d207933e86c2

SHA1
f7928ab234084df7c7d4e96365e689339de8537a

SHA256
cabf416ff2111eb437a4c0826ae726963c1191bd1c8dc3692e8e3e100d669c30

SHA512
660dfecaaed6c795c250c62bdd5ebb4b9dbf0462c0f28db66340c8a30615b23c235d2235e584b711f95c2d1bf85f885c199461e15a5df489c7364aa717354c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
32KB

MD5
2e287eb418940084b921590c6e672c9e

SHA1
1fc75a9daa054ef88aaea181f3a9b4cba2b6b6e1

SHA256
6c2c58daae76131a00d1bfee20852f372cf594be7f4a8848acc42f8bf72c1bbd

SHA512
a77f69571b0f04f4a2354d9e18e41ef86f22274eaed20c02215b632bfef09c6543a83591e9db3f2b4036a9684bff666eb6a7b253ba18893500e9cd541ab752a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
33576831a130ee8724873f57d7e69b12

SHA1
8e57c8cb167d6e675788c6466f3b5cd161b23d7e

SHA256
d8f34c218a735658a16aa51a3f7794e0ad68e66d39a4f22af806883c7ed5d0a0

SHA512
ebca4a17a3c9daf8726766c13b7c8018982ec24533ad29fa585ab2bf3e9b3c85cca63e744c3566fd1877fa41538eb3304b5ade6dba9e980ebaca8e042567a9cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
aa3614c1064d723533333b74579b5d44

SHA1
945e50dd436214c0dd2d36a2fa347a99506a2501

SHA256
ef88c8246b9f404245bd3e44e4d48931f81abb5aa3f9067c2334235e703fa612

SHA512
87c6a28a944161ef09ccb612fd2de56ce7ff3bfb2682164e655e7a2d6d56fb34e0891b1050e4909d9a798b089f2733c5532d9d8b40a15010eeb618039da0c788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
5d7a16c55c76da93dc203a33373251f9

SHA1
a637babd6d49b91a253c7dd32a261ab69a3822fa

SHA256
6b14795ad74c1fd47ffb78382610d897776bd049ee4b99dbad9ad65205657d89

SHA512
1e9e68c49668e181e1330ae97404e521ea8d1a7f902bdbe3e462627a08606776781b4f25222333ddbed8ca52eb0b32eec0dcf1c51d12590e14bf502d98eefd6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe584ed7.TMP

Filesize
48B

MD5
61cbfd904c4e839e9764a30bb3177680

SHA1
3ba3e2e52d912835fcf49ad868a63d58dd68baf7

SHA256
ebebe674895183253dfca1fbe5c615e7f51d76bd3bfbe4aa9efbfd6e05381bc5

SHA512
90ab9b2f08c510c102e319606960bca8aad723e70d5c77a40a6343b43cc77c7c068ab7fa0e714613838048816750df601ab71b1718f6e401e2f8daf9d15c8e35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
905B

MD5
4cce9c85002b41e624dee9966159896a

SHA1
33d17a65b525b8a3f2e0429f965bbbd21796d72a

SHA256
ea1c61bd9998cb2f762a25b29e14648fb43f7546ad52a26d0e24cbfc332c6936

SHA512
d37369ff4b3c4a576b8364db4b24572a95e1c43856bf52403aa636b7584c6bc75852f6eab9a904d256b8270d332a724900b986e0e3abdd3031c67105d0b6133c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5a25925e58973a770d489e8682dbe1a0

SHA1
721276d04144c2352f205a1fe14250bfa6e82f25

SHA256
08b3950a4e327f0a574d1c10d305d6c94ec03333449883c09536c5a59746dcf6

SHA512
07f8f65681c9a175bbc2bb94bcb7f5249a5f3071d85f763744d65f742a3dd9ea566d393656d96c375b388a5ddc268b27ea7c7074fd99713e570843cf0e5d0f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58943c.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
78e2db8c9a843501ce79c68287a63514

SHA1
ae34989cb3cdebed7195653dc1563d8364b18150

SHA256
e7178eedc93d00e1d662022accb827e40ec3374b99824c094405d9456c90060b

SHA512
a8f011d2b7094b237349e2bcd6753dcd3ddd2c6493eb718376be85ca4a299b75194d50e3b1f156e2579abbd0e0619135ae5acfff510846f1b79774ada3da7f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c677c9f4269420d75a6148fdd1ad2bf1

SHA1
31abad3dada6eeceec2e74b3bb32362524e416b6

SHA256
c049f357d5b183f60631d9b33aa35c8b4d176ae694014e6a8805342d1997bff5

SHA512
979b02e1a44a83cd0b5f0f7f48cb3233ac2e4a59a9fbaa35f60a1aa760449b486bdbd7b4df76027dee63bcd0afc1b172d88182fcac5fdd0442724ea4ad610105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
882db41e9a55f680e6f032104b101776

SHA1
d16cef0ce2210382aba3bb996f82a1b4369c050b

SHA256
34d456d206e8b9047e45365cf2444c97a15082b8b8c4d449702418416ad4fdcf

SHA512
29c1debba8406e7463c832342e02c884dd3e495b739e90f4d2e21b291eef98adfb7d81a6473aff077cadfd812720ab7fc4946f25ce9ed559b34faaf377fab7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b77079a7d3feedccf7ae667307b16b76

SHA1
861fd5fd5e390e4c9ab92fa5af34571ebc216686

SHA256
a2921d4eddee4cf0d1c3340e659195ccdd06938e76f397578ae60c811c2f05cb

SHA512
5a5e6d57a79e221951ad16204ca5d407780e3e77ef690c0cbea728e479824810bd0ee2f4c28314e0215492fdbcee03a699e9f72b977bf14177c76790e9f904b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73d057b174ac3b9a2a67b847baea8fd8

SHA1
837f65c16b9b62312def81b71a143aba515358a3

SHA256
1cd2e030fe255af19cfda4d2c5f25005eecbb886d171af8b3ac6841bd90824b3

SHA512
9167389f4894bec3e6ded805506a4472504ca04e4ab5015de1b1983db230f0e0dfd09f3a2c24a8128878af3672e375fe3294ee671949a00cd1ce61d1d32d6f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3ff2e85fe089fcf74beb6eb5c56bf4c9

SHA1
2f7360b394ef201b474a7a4648fd720a63284aae

SHA256
e63bb97da82fd7e135c32800ada3e0f6148854c2f4ad8cbb333244357a9ed9a9

SHA512
7d6d47dd333a6cd1cc4df54f83dabe16ab2fb49eaee9745e6a53d8ad8395a0116d6d1c2db7c14b8fb8f3122be1c42604d79ed59220f8b7795711d1a975f3363c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d952d7d0c0de63bd8d3adb28e6df84f5

SHA1
92c20a9a9045ccb47d630ca85121c8b21d5e38c0

SHA256
0d2a712a053a9c5b6ec76b82dc3591defc92a7edd7bcb58094363daa0af728d2

SHA512
729d1c72ba35b808b8b68f0df8bca28fb12efdc865f9ce4aff657bae5c6c0c0eec6c57843b3cc160e940ec4e5ff293183261b197853518879d12681756caaf01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ad9709100fb43b77314ee7765b27828

SHA1
5cd0c406c08c9c1073b0c08169ccaffbd4ef6b98

SHA256
04b61824ffce6fdbae4e6a527ae58b85813226ee28fe4d631feb76b5f936a1a9

SHA512
fc55ee34b1107e298f2cfcb20dce42b5dbc98a7b68e72ed80a6ea594f66dff6f9e9cb70ad5ccbf5ad2171275f375abac1defd8dad4118afa280cd9c1d9f6a538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e122fc93c0ad25d45d09ba51a3e86421

SHA1
bb52a7be91075de9d85f4a4d7baeecc3167c871b

SHA256
a277c1c6fafd7a44b47d94e4bc3c0337a64a34d252e58722855aab09e6f52bee

SHA512
12787aebefd6a5e4584ec8747a78538f948a16b214bdf81302036ae89e2c4563027847236a4770c4f780a9ca0ed03f29b1577bfb6f11feffad85b7a625324bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
7d4e9bd9938658931098ea20b0c34de9

SHA1
bd42229d7ef30269adfd0fed3c02ac98f28cb025

SHA256
e0e030e1d760494ef2037c3bd63671e13aabd1f5af28e1bdfb0ec5a19bc3635c

SHA512
612f389a13e565a1b22fd61c497dd3b6fad2e7ed22d64a1ecc939a02d667b2817872265c8501055571c91dd111bcbc4a663d11825750fe73f4a0d9acc6c231da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
ef7208e74c45f93211967a0815efa893

SHA1
e6b2a8968bd60e88d15951074397543f5f183c82

SHA256
342d93f40dfb4e161a38d351b760c07338918f181b10fece94cf54eb7df8908f

SHA512
3051d105d715b057e2096207fed42a7a9a03f1b2b3f259fbc028aa5a7584751f2465bf6808d2547c5ff5530201d4703e504f992f40d5674355a9761ea460d1b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
b081608f0562ea2a361bed37f8a964fd

SHA1
1e18a39e8da77c860f8643f4192e24f459ef4a10

SHA256
d0af3a4f90781f1f0a8c7a83c5e2ec8b510c5595d3f0940dcfd4dc0b5feea919

SHA512
53b9354fc7b77f64e7f687ea106954382477822878358220d6046ea8aabce1c714d7c0532e529355a5d7459cd804a4703d519ee5e5b6e6a05a1f1d056b9c48e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
3ad1b2e06cfae51e01e93fe60bd6f10c

SHA1
ffcde7e92ba4eabd24e68a399eeba0a3d392db97

SHA256
1b1eb6e32679cf26bc4a32fe031fc31b46d420a4511b7059f26f9b286f5285d9

SHA512
e1b2b6b1b5713582eb7c7ac481436c8a36607d5dcb0e4525149513c749964ed92b06f5afeeabd3ea10f11b0ec597d7cba5cd2edd112fc5e0b6ca9cbfe2dfe842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0a40be1000f1cb05a01db75b557c5776

SHA1
a817db58e67d6d89ec3262c0eea9b3ff7eb9f763

SHA256
512423308ab5758d7a2a861ba22ef3216c0edeb3df26b281d141febe32527338

SHA512
3bee2bfd849c1b88b21fa8c6b5eae781cd42b722ac9361c9430bb7c69f2a904b0bec5f2e908972e4f9624f14d9b0057185ef543a1e13b7d66a659a51c68d8881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
d2c3da19c257299e845394673cdf9d79

SHA1
6e84e135faa823f9c34dd4042a484d4e565d25f7

SHA256
384d6d9663cad96836e6e26f6c48971f2a1fe111f4e46df011601d1c9adb7388

SHA512
133e0e3298ff63ba5ee6478d003adb3017cf74c7eadb31b59693a5f11c2b02ea6b0233a1d7429779843b7fe46f6b9b3eb1d9a0cb631d0e4dd1e473c52c7a11d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
5be0b1eedf2351cc5e4fc31fce5e0a83

SHA1
aaf121e7b4111c8648ccc0ba2e966231d8a6af28

SHA256
fd4037cedc829d61773629eaf4882392476d598aa1d073e1b301d53a73d13a68

SHA512
29e9ba3ab715137831c6354b73d2c658627bf5f37138ca55238f3858b840db6c9f0b24cdc097f3c206d50e5b0f58033bc1741d63aec9a233de30e261420ec07f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
57debb76de14718b337260a46925ff77

SHA1
69516eb3111e26c33730b87783fd657753dd7618

SHA256
960dace66e0d21ba2f290e054957c675586125f1f08c35a3137a434ccbd276a2

SHA512
b9f18a33436a1fc8a25898c35d733815c7b3ff302771e41f4fff76d9e253337cc44945ab8597c65bef7766054e5ec5b359ff13e563f681b0e0221d1353780e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580441.TMP

Filesize
204B

MD5
e7316ca2809b93081d2f220e14724c5b

SHA1
2204ba0dbb775f68622c84be99204f94d26ea50a

SHA256
b9d73f2c941bf68906207eebfb9c82aba4f172ba93de6b0887f8721a554f369e

SHA512
3d69d5c6819b9f6fedf1adf9d909f2c3d45032876a8cfca4d51f267cd7baaad7e12cd0a89cbec1e75efb4ab19e96d7ed4b5cd06f5909fb382623d0cb336726f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
815c9c4c3a035f1de62778d4862c2119

SHA1
a36f92e45d3481c45b525ec14a987e3135a41357

SHA256
e4a06aea76a55eebddeeeb0534ce3b15324a5a7abb0d463914441f3ac0b4d470

SHA512
91348940816142817f065bad49e91d82fa83d4eeda4b689e42790fc6f910380a4c7fd4c42d014af69a83d8f594e18d3586240488de4c70f56edda732fc744624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5d8e015fa98bb52fb44e9e885b4d7c63

SHA1
2ddca770b77ed398f2528dc7a154a24530524ed5

SHA256
b810b4e9b2477f10bc8bb0eb091a3c8c8a705e6f75be07b89358692b479da79d

SHA512
4e477fc0b31d4228e3db610ef4a782dcce1ead32a3829931715ad0fc84d502ecf21e6aaccf4ea66b3f04b9d91933a5b360a31dce5e3944755fbc8221d713adcb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f02f7aa9b38e737da24b67fa07f23cc8

SHA1
b0664ad7e8c6bd2d1a19f8f95df66bf9a1df33b0

SHA256
74517962498e5dd0132155d82156e367216f8fe3627485bd857d9172a240b02b

SHA512
98c9c2b1709ade54a5b121526a5eeb58c017c1b8236796e5cbe442e07939037b3816a47d88681e7899b0f3419879083566a37c54902dfb687956f52bb383abd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6c590017f0f7b55d8d03b846feacba12

SHA1
efecee842f566bb4917ac739da65c39dcd4cc0db

SHA256
4df9434ca04802411af0ad6568a8e67de106e9cc2b8ba1b45d713d753b0c01e8

SHA512
8640cdd6b9b9e5fb2b986ebab9869ea8c464f8871bcb1dfb0b74a582f487bf1b085a496b842b1dce089d6de918f4e7479d33cd3465cc320cee21cae241249376

Download Submit