hxxp://outlook[.]office365[.]com

Analysis

max time kernel
98s
max time network
101s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
02-12-2024 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://outlook.office365.com

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\33ac8c4e-55c8-496c-b79c-73a9ceb568f4.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241202033848.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
3960	msedge.exe
3960	msedge.exe
3228	identity_helper.exe
3228	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 4244	3960	msedge.exe	80
PID 3960 wrote to memory of 4244	3960	msedge.exe	80
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 4644	3960	msedge.exe	81
PID 3960 wrote to memory of 1668	3960	msedge.exe	82
PID 3960 wrote to memory of 1668	3960	msedge.exe	82
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83
PID 3960 wrote to memory of 2152	3960	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://outlook.office365.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe022a46f8,0x7ffe022a4708,0x7ffe022a4718
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff705015460,0x7ff705015470,0x7ff705015480
    3⤵
    PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6836 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2675751477145318086,13743106901630604822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:5612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3ef1825c-31b4-4590-beed-2ce3fb5c8f91.tmp

Filesize
10KB

MD5
ad63e5ee645f28e20054f3e191fad925

SHA1
6af760a65c50b2537859ca2c60b49445a4aeaf1b

SHA256
7cc1202cc9b11b860f2501be4f2d1056bd71d6205801c1b1bc2b8ce49438a36e

SHA512
e309d61c011012e52149e86acab422a30ee2d7b94a130a80f57d57118a8c8e034a11d9dcb9725492b475e2369db07e00ca28013620a1b13d940398fd7ecb8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
843402bd30bd238629acedf42a0dcb51

SHA1
050e6aa6f2c5b862c224e5852cdfb84db9a79bbc

SHA256
692f41363d887f712ab0862a8c317e4b62ba6a0294b238ea8c1ad4ac0fbcda7a

SHA512
977ec0f2943ad3adb9cff7e964d73f3dadc53283329248994f8c6246dfafbf2af3b25818c54f94cc73cd99f01888e84254d5435e28961db40bccbbf24e966167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
557df060b24d910f788843324c70707a

SHA1
e5d15be40f23484b3d9b77c19658adcb6e1da45c

SHA256
83cb7d7b4f4a9b084202fef8723df5c5b78f2af1a60e5a4c25a8ed407b5bf53b

SHA512
78df1a48eed7d2d297aa87b41540d64a94f5aa356b9fc5c97b32ab4d58a8bc3ba02ce829aed27d693f7ab01d31d5f2052c3ebf0129f27dd164416ea65edc911c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
175KB

MD5
7107c752f3901d95bdc4e9d46ac2b6d8

SHA1
747a0d933dc2ef38a98fa11a44ba661ec6a5eae3

SHA256
c4a5ecaf090da5f8115afcf0d4b723810054ecf3de31acc5ea6d48f9eb2d4111

SHA512
71d4ff3fa6c9a902b299302109d034d4610ac8a31ace170f09a3f66bd0d1259c41361fc29f2205fec6eb49995ffc73563399a6ccc536b8412bf1064485caabd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
159KB

MD5
78450fe21afa3391dc4dc62d5f1e09f2

SHA1
8aed39e81b26f10dd32c5b131eb7493d6d41b06a

SHA256
4903f015531ad7a745aa8c5155780c51adba6e0f671607c3fa1447795f33b794

SHA512
46db3beebdbfc0ae2b4e6d8f015e0f122851cf57662d5f445e2c4cd4f7ca2097690a610247e08f789685411d75b018cc35bc0a679b4dcf9e68c9fa164f347256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
165KB

MD5
34049e45a502035c1ee78f0b0967588e

SHA1
dd604c54963f4ae0cb4cc1c6890b66822a6d7b82

SHA256
a84c114bbb185448de945b27fca0b6ee207f4801505e3046f35db050f4720eaf

SHA512
07b046af74583dc5ccb2dd1a636042b36dd4ee50aa6e7a3871cc26bec7aee823dcb2ef8bae3f465a374b04ae92b8cfb90f41ad3a76a0d2db1b6ca764d8eb204c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
142KB

MD5
d1e0216a2cc3db1dd95ad3230a39a0ca

SHA1
a629d848286dcdb6876631bdd3bfd7dc6e05422d

SHA256
b41f67ebf201d922b8668a628078e11dbece1fdf875d1df93495c3ba3cd31372

SHA512
50f8b14adf524175f2867c7e198c71f78a5b9a1c2447229a418c382519299820ea1f0dc77af121c58ea116e2cfb4163b62c961cdb7091fcc4e9691d6135f3883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
43KB

MD5
820f40594a0e8d5f9d58546208aa9060

SHA1
e17ed5116a34c432013a244c979ac9da53829d74

SHA256
f8f708049e1e1609af3959cd21eaf313c8192d3e962887a7a2e1f9b353d3fc80

SHA512
95879b255a90ccdc41c8696bf7aa05796db56528fc4be78f2d13eb2233740ac8cf0f92bdeaa169ebc5c745f3e76ee9fc67d2626160b9e01c5f5a19b8cbea605f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c35e32523fcbc1742a8c7a9d187dd2de

SHA1
bf141e27cd9edaebabca98c0e55b782cec3f5442

SHA256
c0c0301f62ec94e0a9429c6e08313410ce85baffbc63b59da5bb4889ae00556e

SHA512
78dc679d49d1fe86f94b70323375080f178cc8fe7a1bcb0e5de2ea8613f3c18530a9f9ac3f3b7140246460f92b6ec895b47c7813c80b5ee5bd6fb23f17da3bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f54af01c1e3704ea511268fbef7517c3

SHA1
3338e0e4e6029ad0e35c2fcd2c451bad98106c44

SHA256
9f36c8c289b08e596788645c1b508fb09305c5d5ca27e3958e256a62e53bcb9c

SHA512
3fb13d234de72248d8a0387e3757b64855ea9cb114f407c9dab252f8cfa4ab046d54744921a9150f0f06a96d1b9ff1d16a8f8eb811ef0927b976be827ced36c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bfb94f41ae758fb285c9516986563006

SHA1
557866f90f7bc863d49a40e0928008c380715b2f

SHA256
227cec35d640e91e4438306c3baa04cc26a7fd776c18bd1943abd5f97c7e1b40

SHA512
17cfde6baf39d403c338b09b427a0bbd3dafd894258562bff4334e4a82640828955fa8722a523a04a04b38c29df6275dcbe3f10fae56fbdb6b1e6903176c4e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6a48af308bfe9c8c6683c4983adb7f88

SHA1
c2ca6053ea20f82c86a823cc059d721790a498e9

SHA256
64c38f6c312ac6fb39ccba65ef2f38f3b10898b0a82240c8dbbd5664fe5c46cf

SHA512
b4f0b70dadda791851e0e4c5fe6eb5c1e0a92e46485bf69f419d5bfd9c901e387fc9c95754c7924096e8949cf72a23034bb94bb80345df6c14df90ee1eca2305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8170a429f936863f9046edce0118f92

SHA1
4ddc594fcffc93cb763020cc875d65dcd8ba8aeb

SHA256
7654f58fa012245db8b0e0496389c69e8804311c571063c3123776e4b6274ce8

SHA512
761b331192dfb1f690e04a80ad3942923ff8dd6c8e21cdaf1d9de57363969b679159aa69dfdc1b9b1f88bd51b06835677572ef67f0c4ce1385d1e85e3724c4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7db157383d6c14168321c1081785ff9

SHA1
7ff9c74b9b02a68c4be3b8a7e606070d7124ebb1

SHA256
57cebec28a49cdf5fc9af0eeedb363b8dd423d81d9d65f4698a3d5c5f77c658d

SHA512
c9eb4cd2196bd7008f958642cd7c5153896590b86b97c8d1b821ef6aad1c47144842cbf9f20043a8ae4bef66edf90b87bd8482cfc0a1cb8c4d0def02025093cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b809a2deeb3a41752334c398445b868

SHA1
e5a60b2e2c49a58b87d8386a683847811de85a03

SHA256
68d15389c1afa0834318a4c02949b747c9439568f2c463aaae8c4a3be2ae288d

SHA512
54054374859839249d9fe88f76ce3789a9ec068d65653f6dc97340c603b2c75a1200c62ec77d16862bef03de68ec379ab1d5619fce3012efadf50abd50e205b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e26082c0f4ff3570acc455eb9fc36bf0

SHA1
cf6dd2271989c4fc25aecfddfa181faa83fb1918

SHA256
e285aecb9899ee27247b5f27585393bdbd3a3ed7780622b9b8c01b2ee48e1a15

SHA512
3c5291ca93108311e083f8e4d4bb51134c1a3d0c2e8aa0bf02657fff6cb36498b40f4ee62c1bf9c2c197279fb0cc4eb4ced59cf3c9e60f0f7ab40407da0772d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f0007cf2813cb6318a93d407047fc831

SHA1
7ab61bad2ffe5a36b390c62341b789508daf1067

SHA256
ee28678b8efafc6a1e767c3e9a5762bbb082d9b302ea3a5a35f8328741dfd8ec

SHA512
632e0a07496474f038305aaf4dfa155ddab0bf6603ed3a133916b234c3db9787ecd9f4ded1c3c5c5bc735a807f12f4afcff975939a876f6c6c307724208adea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
952a6e3cbc50f011cf2f04c9470080ff

SHA1
a0d6a2509af73e523c970f6e4351861bde63d6db

SHA256
faa79ba7dfd140106187ab50f14aa7cca13650f94f796419bc0a44d7a2b79d5f

SHA512
7955092a6086f05268e4b0f88648d9275020b6cad83f81c90eac5a7cd994cc243b8dfab579d4335db62f3577fd2d8a7fbefcad6cc615e2bcf1d014115056cde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
74d9eb5260fef5b115bec73a0af9ac54

SHA1
18862574f0044f4591a2c3cf156db8f237787acf

SHA256
7d7e7b38664d625a0bbffbcb7882b175709e92987bf9da113c4745fafbbc361d

SHA512
b85917201b1d4b4542a4424ce40ddd083ddbd0e230e1931fe6f7cdd2aa3d8a0eec8daa743ddc5467f0a92da5594144c602081d941b216ca9cafdfd3c150d32d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
927410587c48d8a22d85fb62a19b42b0

SHA1
eb0988ee4f7822dd93701c1710cb7f9ae966571a

SHA256
75e4c159f5e623aeabc28159531682e3106e2db3503c3da9c730a47e4d608d2d

SHA512
5a5e2e1ae80e362defbd72a74d8504c0c924f6017e634847d857c64ee004103192a7d4c549222722a2419a806df9bec5fcab594209e915458265c1ef4306a2c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b7b2.TMP

Filesize
48B

MD5
cc3b404e4da7d64f85f28af0da455c9d

SHA1
006c20afb5027434b66a35b54af20c43e4ea7ed0

SHA256
3347db316e77604c969aa3b306e1d97e3a1d61c2aa989e77beea8c482a55e7f0

SHA512
948ffbb461076c60a02dcd02a56ef865d82a1f9b0fe83fef37f638d1a71b236c597788f51871ad0cb4997c5de456a6bad9c8df98add4dc74c00e5598ad4fa6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d120d05f44a8ae1b2d3b74678b5c16d

SHA1
bcab9c7dc41f3c9a32a9a6fb0b2a2263ecb26f39

SHA256
5276921c0feadf34f674c993bd1b889de94fb95d1a61fb796fa2043abb976c04

SHA512
e3962e288d99bc24b1a922e4b20f5968af4a2b63d1f10a279866b41c18e018f3069b4f1004794bb0f86440ba69b2ab40dde61cd3155a1b2ade87cc851ad07c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c25385975642bb220f2056ea4aa236b6

SHA1
06ac331c0e9fd667dd22a54a10cd1f09ea58a542

SHA256
1b70317ccac98a0b1553309c3eca8e51fc92951c6e792dbb4756bad825b98d35

SHA512
821fa6f6b51f5b94ed47546d7d28cb1f871974506f87b4f85c4b5412beba3ace7440ce693a10b9f23c0899168fcedee37115890500710309612a26a028c50728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df5b76a873233f5cff588f1fea535b68

SHA1
4bf656aaa9e086dabb3ed82c73fa0ef6c02dad75

SHA256
8771c1ec1f4e2d2a4de724a3195ad2506ddbc9f891944417836ac2cbfeeb63d9

SHA512
6050f7c3c3e3aae904e67dac76ddd4e0a64dd5b87c5ab82fd6ad20c8bcea890ec19aba02d90efd75cfab093bf94430a837a8be7cc573eb810aa54312657c7f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f6f3.TMP

Filesize
699B

MD5
032f63cc965fb4a89494cfd850552f3a

SHA1
f50828b8621c601ca94dc55bcfb02d90b0f4bf13

SHA256
fd244a49d241b75cae93182cfc1ea6351bb68b7ea44e66bffd8246438d75e98f

SHA512
2e335c96d9cfe4e999584b5491b7184aee0607e13ff83bda788e851f03d957a22c2f9ac7463c1b2b12f8eb89a8506da3ff352d7fb4f8d702a517c64fc9838bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a0c46b1b-c4ad-4436-b1d0-fc798d651ef1.tmp

Filesize
3KB

MD5
58559deeddeb4e9dce28005809e8463c

SHA1
05b77b270f5f7620132b0a08953f94d102cf8408

SHA256
15a805a1d4483c6522c76ea494b38bebc9a291e0032e77b936af6511e4626372

SHA512
f48c893cd9ecf2001b8d2b365b8df9f536799cd551c208a090bf7d546239d7b6cc4f2fe5720fed5d5832b2165b9da0143ad081779e90d77725a278c461b0cb3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
b67ffa00656912a24598feb4c145e4a9

SHA1
b22d9b98231112eb80a5e5dc3030ad47d03e50a2

SHA256
0d70c7b9bc434a2cd465d7397a721e304499d3a27af7a870a9f48a66e60a1442

SHA512
e5aa6dbf3cae5c1f8261251d044e561b7d3fb76405c80b549b118724795a9fc151f399647cebbafaaa2bb79a6a4185825c9049cfd5352dcb93eb130679337dca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9861179a4480349eb065df7e4c22426e

SHA1
4c573b7b2739451ffc133f8eea0cb9daca21a984

SHA256
8c5b405a28ab363aaa70a1850dd70b66e772fd65a3eea09b136b50ab7e937661

SHA512
cb8032dfe04699c58888264a1b86bead600e71d016e79250a4c5237ff59cc113607e3f1711b0ecbafb4cc6e1d8726c5e0bf718be99e62bd6dac6691b289e2b7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7aa296d9e5728a846e9ba8d0a818dd62

SHA1
b78ba4fe521dc94f98321dacc337b9827613eb5f

SHA256
e258f3143ec573c9177739f81cc62c140fcb55a238cd72fecc81b1edafe072a6

SHA512
8199aaa926d9a18b71b3c66ba513616d634ee98bbfeb05485bde574e30c42e4ce1a9d0bf99218fef34e0e21c6c078b7c68dc0463a1a9cab0fd37f67851a33859

Download Submit