73e1cfc7fd5763c4be763a41b5c592df951183b9e3cf9a4c389696a7e6033623

Analysis

max time kernel
1151s
max time network
1193s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
05-12-2024 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a.html
Size

1KB
MD5

6621c360df9452314eac6cb7b442f45e
SHA1

57ae8b84751cbc5ca9a440466211fe897fc03ad5
SHA256

73e1cfc7fd5763c4be763a41b5c592df951183b9e3cf9a4c389696a7e6033623
SHA512

7ca8c2b2f7eb1fdb58a21f92ea5177a4d17ce18294f020eb2c8cbd75b63bda6e0e4b03788131df027c63f1eae26ff01c8b24b804d422e96858080c0d218bc235

Score

10^/10

microsoft discovery phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
5344	msedge.exe
5344	msedge.exe
5256	msedge.exe
5256	msedge.exe
6052	identity_helper.exe
6052	identity_helper.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5344 wrote to memory of 5308	5344	msedge.exe	77
PID 5344 wrote to memory of 5308	5344	msedge.exe	77
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1364	5344	msedge.exe	78
PID 5344 wrote to memory of 1040	5344	msedge.exe	79
PID 5344 wrote to memory of 1040	5344	msedge.exe	79
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80
PID 5344 wrote to memory of 1692	5344	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\a.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff850ba3cb8,0x7ff850ba3cc8,0x7ff850ba3cd8
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9326945877039642510,17575001861080419590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1856

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
45KB

MD5
750742b5bf36a17ce19556504179d864

SHA1
2b7faef1f0ac31076883ea54f50b02e4ea777ebf

SHA256
c01600707a5c82bc3b123e04505d57057147edca4dc97b75e8aadc10a0c7c6a2

SHA512
cae0a34d0c44a047d6fec5b2f1ca1f5c722cfb16ca94b12d6c089c361f2d1532b1aff73ce4df67ec56e3da6878a82a0355f73aa6904c303247f41ea79195f5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
239KB

MD5
40d5472f5056ee3ed375d207933e86c2

SHA1
f7928ab234084df7c7d4e96365e689339de8537a

SHA256
cabf416ff2111eb437a4c0826ae726963c1191bd1c8dc3692e8e3e100d669c30

SHA512
660dfecaaed6c795c250c62bdd5ebb4b9dbf0462c0f28db66340c8a30615b23c235d2235e584b711f95c2d1bf85f885c199461e15a5df489c7364aa717354c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
32KB

MD5
2e287eb418940084b921590c6e672c9e

SHA1
1fc75a9daa054ef88aaea181f3a9b4cba2b6b6e1

SHA256
6c2c58daae76131a00d1bfee20852f372cf594be7f4a8848acc42f8bf72c1bbd

SHA512
a77f69571b0f04f4a2354d9e18e41ef86f22274eaed20c02215b632bfef09c6543a83591e9db3f2b4036a9684bff666eb6a7b253ba18893500e9cd541ab752a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
17KB

MD5
7916a894ebde7d29c2cc29b267f1299f

SHA1
78345ca08f9e2c3c2cc9b318950791b349211296

SHA256
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

SHA512
2180abe47fbf76e2e0608ab3a4659c1b7ab027004298d81960dc575cc2e912ecca8c131c6413ebbf46d2aaa90e392eb00e37aed7a79cdc0ac71ba78d828a84c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
aabd5cacf88473995d443ff609dae3e3

SHA1
af8667d47388d0111f207dc410b74c32b0094b9f

SHA256
59e5e37ac924557eac4b949df50d92d57ac6a19c9393de15055e525c20779560

SHA512
e55390275f96ccb8a483b1be4dd03bd9bd1306341cd05afe2279ba11dd845b050c5562a11a0ebab91b5bbc16931aa4d053e92db5901cc1e85390b937f6f5d822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
edbaebcfc21976585924adc49cda86f3

SHA1
b7b98345f162cadf17ec66c882f0a41b20523bc0

SHA256
ac47d352b091039df0dc21e8a36cc5ed16aafe11840bf1281af3aa81d68e89bf

SHA512
507e7b771969036542f731186939a0189076db8c22b4cd5870c482730c59fca8bfbe7b7fee17d1a39de734aa59df609624c059eddf3245604509f3748ef5ebe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2494fd9144338df3fb162684cd6a9428

SHA1
e9d97fd127a4db0adc688a3d507244b5ecc775ab

SHA256
06b1b6a9e6194f63cd7edea4b82b3eecf445d5a13d451443e946e1e9be1518ee

SHA512
ea4f594ab483f7d3bd6ff08c7414aa85a3cd2889e2f7a748576d3a7cf7b57606500a0960f686227e04b3d6d1da656502fc1206eef5d63c67256b727fd94fd5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b6756855359c8518dd9b60654f740835

SHA1
a54126337018a71ba5039c85af64c77fe8dd8527

SHA256
dc71b7b3924fdbec73881cce8e8de61a9f7b541f6824cbb37ae54be3224cf096

SHA512
48f84dea4adabe1a7f600f6520b414af305c06ed11b5951bf4b6af8d4ddd24249b4d50d95d6d1cc0bac002303ab162f8e8437d56fba496785859cdcbc56082c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
4a3581d0cc7f997189258785aff090de

SHA1
3a77ec02aa6954018cad56fae6e2dbb4d123f8a8

SHA256
f6f3fcf8532df915ceef48f1d005b6c91434884a6128dc294d6e1b27cb2f2b9b

SHA512
9f57ec2cd02c0b7b8376a723414ff5fb107afbeb1ad083910134f5ae5dc16623c5ad50df0906ac4f094fbbf76f055b81681f94c96cbb68e38e7fed9dc54bb4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
183bc9a271cd71fef6ba4f3a74eac2bb

SHA1
821cebcb715bf9a74bb3c892b5447b0575855f8a

SHA256
d93b79ecba5670dedcc3da84948834416c64666bf8781078aec7fe3a68db0fcc

SHA512
0d225de06e8f239539fd2b8ff93e00704edf5e856606924a19875dc1d5b07c15058b532349bb1545cbcf510c1f93a9ffba216189e60a48eac917efdf7fdb396e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4417af7d8de44ec29ae4dad8426b24f8

SHA1
f0e4794dbb650a654fda4555aa4ba8e9fac454cc

SHA256
cf79d8b0d6cbb80d93b704b6ebbd2a9c1f0fa40192f4517e6ad26fe18d5c0b0c

SHA512
1182e57e925bf3fa2e47dae2a9d269b7b7008007950f1e079ad1933444ba36e3b85b1875f747a7ba12075f82f9702d8449485da07a4f426d07f8741427926cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8d599d02bf5467dad899ded61f6e507e

SHA1
eb97625246fac2a3cb2c3e75cbffb8f1ce77b7bb

SHA256
0bba067cf4be618b1a33af56c4d190eafa9585921cf644c1c179bf02941b0c26

SHA512
500679c48ebabf97287f7bbb03d2081cef108d42dac6b7b421152a9774195cae57a44868c18256ceb630fe883d2b6041ee6dd08ec7c298c18378ff7a10fec6be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b47bab867db56d6ed86a8c0936412b7f

SHA1
437b569367c4aff6e005b9e7d4cf20a96c8d0223

SHA256
e851d15e7b0e641b0c623f5302a7b833b039f8339f40752bf5f1bb5f22d6316a

SHA512
492fd79ee37af798f0fcce4042cdbe8b1b6203373d1da14420b2d78ac3ae59156c29d238ec7201cc2dce6769bdd4c6f05da174d29e4be0c08f1896b8e6634427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a522abbf1cc02b4041559fb8cb7f7983

SHA1
727be1b4d61201ebf37f097ecdc564fb5fdff1d3

SHA256
df52fd53c634031fb6b3b1732dcb3e27666cc7ce513752cb54cf57dceaa4f55d

SHA512
b369a5a5b6c39f58af73c9cab0469613fd2927c26629f891ea3cbaf498c7652b1a3c0d4757784d47ac88181d5588b64d68b9adce2b8b7b05be0a2157444de828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4d5e3d2f0a3bb9dfb908f85f13e25c3a

SHA1
9479078339a49f57fcd84948c0085e14bd24138a

SHA256
6e1052d05411e8e14d048bd5265f330641e073bcbdc96e1c396ba8d6036d16f5

SHA512
a91dd850645429ac95c9501c9c98ad9dc8213e5dc0bc92829dbb2ae76e4f9538fd98562341779f5ef2b0398d92cfae5dba57a0374f65eaf94145a2be90b2c42d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b95479beeef0048dacd82a9e990b49d8

SHA1
ef9207b0f5037e4ab54b3a30898544dc2bb09f19

SHA256
bb9fc1a5f7a0bd8447c80b36446d2afeab1074a1c610279e5aac82a6b18df19f

SHA512
81a4b3ae3ff0baa9324a9ace2a5fdf3af3d39debfe7763e89e913c2d8507e4fb76dda93980bf01b82e6234f585eb074fe893c0a7011d9b4e209d48e6b26e32aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
08ce570b35a7b33f308cf665739fc38c

SHA1
6d947a3a98311f93c36b0771832d0ae7fb042f32

SHA256
989f68731715399e631e42aa621ab153b66a74aca7b89907f12183967c571ecc

SHA512
b85520abe237bc344dcfe59a1d17da58a58a0cc2911394b74fefc2197946f8aa1bbf95f048654ec1cbcb8e3816e220eb4e990f822bf5a76170b0bf38ac021bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
297e2ec26aa64d6c40c5b00ce3954162

SHA1
49deae14afa416b4b5f3cef28063670828a44f6e

SHA256
f97b6069ec55ab76ab7a827ab98b281860b19f6020a4b62394e3c54ec639e365

SHA512
2eac3dcb84e79e4bf91225ff31a95cadfe607d725a2839dbbd7ede4339fe017078d4ee56f6d8b627771affbd9c261be7262faa5efa5f1f7949fefd7aa0b54c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580904.TMP

Filesize
48B

MD5
d5ec1f5b0e703daf4e7a7d16274f5414

SHA1
6ae77487ec3aedb1e931bf425d218ffb18d455eb

SHA256
d8a44bbf5913f7d9d011e30762f288f73f3dc8ef60bb7eea26a477802529cce1

SHA512
183943b9e42accba700b533756bcdf1e8f75da4d4a0e51979d81898d8d177aeac11322764acc2e36b79c64b1d1b7ca651363fdb648bbe073ac338cbf15159259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
546fb8a0f426c4df5ef9749cedd2a220

SHA1
b7d96258b4361ee87ebbd9126ec311d78c880bd1

SHA256
e1b736a6362592ce79791a887325eb70bd7c6cc8635b845adba768ca3d161599

SHA512
27b6d1cb32a8260318230db83f5b52e2d539fe495501ddebc383f6c6a4430aa339eb2b3e8c095e9838bfe7a8b60626e68a2bd38cfb2f82e3486a8641512c52e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6bbb9505fdcca4100bdced38917678c9

SHA1
eb4e290ce06049f19756d2ce47b3388a9cb4a686

SHA256
c81e49e96a68e1593151bcc0cb5335ad9e7152501a46dea0113e446694af965d

SHA512
3e6dc829f4bd4c0bebfb4fc99085699c866b9d1b08369472648461e60a421c1755b18d0445125ddcc5d547620360369f52f6d35318f5cf10e08cf91c88fef1b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5b1292a9bdb47473d71c4113bf9b59a0

SHA1
6c9276f2c1160362eecb613c6c9a0f95c3712ba9

SHA256
098ba722e62cb5235477432c43827f777786b4aea796416c39aa9cf95b78b727

SHA512
8ddc1dcfc9b348f6ec8dde7ffc46401e108b79c5d8b8f8dfe962a3f32807365667aabee9df274f9ea3398fc5dac6c8ca04dcdb4e3c7ab9939807713667f23d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f07fd334090eeb46639b418f918972db

SHA1
38b15efaef40949fe17d71c753e886d4792cab35

SHA256
064113b4bf437724f547802d66320ffeb3d170106643488c4f1672fd4d84d098

SHA512
f1481f9a9267e1314fd3bb1b5f8582e5743e5913b5f7461da5caf52370fb20b8a4fdeef42e891bb80ff1e7c5bcd1d8c31d0ed8bc95d538d7745e3718551fbdfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
afa210d6b3109f5468f5832fb6cb29ea

SHA1
6edbeb60e943aa8b956f66ed26089b61956d18c6

SHA256
3aca03076b70c418c107ee435d01a1c171077af84cb198da3bc54df3d2806173

SHA512
e1efb741299fc90a84eb211ed896aaa7b927d33fd2b1de2405dcf72059572be0e4ed14aabd5dc81d5e59567263815ff05d741a09ee8f04d45019a236e40b49ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
31e3f255df10420601d6df458d7f3883

SHA1
1b2c1ee0719c5024dc7da8304c542399a56be628

SHA256
2da147a6301f44cd57e927cfbb1c47df4bdd4c00e94b0e08d869c0b4850ce85c

SHA512
dadbcfeb11c627ef6350cc7873df0de01f8ff59790795538a8a923b48b10a51cd52465e7ec4be87d3c357188163ccfca9365a605de1c39e3264fa759f4216759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
16c0197799f78a3e6bb717c82f91c152

SHA1
8d48165dd8eaa2390ffffa66d1cd6ba5e61b1e77

SHA256
634d2ec52deff34013f67af02bf534054e67d2f4018c96162987dbe5fedff14d

SHA512
a92d66ced59bad3937adb6a585fa255655c40c616127813b73db944ce7972fd3d22e7f0b54da7b911a04dfeea32528d969a9f723857384a2609714d503d886fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d972627410ec47c36d24f1d065633939

SHA1
7113fd750a74d718dca0b3eb30c66c283720c64d

SHA256
9516e5427ff85e63ca6cc115aa5c63676a293437d8ced302f02ac976ec5c10f5

SHA512
907dae7125bc7c8fd542cd71e2efd5a74267ee212cbcb31089c0c7a9dceaab2b0c734d9d1fcaf99f1ecb03366ff1f835c5435cc1a49ab932b21279ed026f0b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2e2b85965dc89bae2a510331c84511b9

SHA1
5b2be8265434c3ed1f2518e47e956292ac9fb2d6

SHA256
4b30c0459bb4cf281dd00412f561a7d58593b6e7615f10bd138d0d059152b402

SHA512
5e3596c4723e9bcb6be5fa71260cc45964f4ce8c9bb09387fcd2d08e348f76c622cf88604e4c740d48a239ceeac38301fc535eb5050f2d5ede68986794c10133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ac9.TMP

Filesize
1KB

MD5
71329d93451f21aef2ee7d914d347d45

SHA1
2d59391ced718986cbea6db9e486cb485697ed81

SHA256
504ecd27240048ad0e036b2c059d1aeaf704c2a9c381f48ff66d02e1c67e0aad

SHA512
cad9c694a8a532f807aaafc55258be9fe8cddf2fb71a6e5983d3a237fccb1c11c4af4982059641d1c7c5dbd2d5cb8a93b0f71b54b93fe376b051ae4f7acabd3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bfafa6a0-41de-4539-b32e-a7616826c475.tmp

Filesize
2KB

MD5
f342b357a1f60d1c10e5afaf0770c81a

SHA1
016b0fc64789ccbc742d832bfb71cdb0dd2c4419

SHA256
e81ab1002307df0f5ee56a9790230f12d0f658f8fc12c7367de4748809cacf84

SHA512
2747679d2ab7975f5190b8a9654fb4b61aad8cc25e6f3a874847c8d9345e6a08322d9461d8605045b5a8a09c70d492f65ab013ae7ee67f2c52388970306f9290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da704402fc65dd8cbdf5021407fca8f6

SHA1
18a64bb3a742845aa91acc1bec93f52b66038b6b

SHA256
f64488c5d497f9bf2439f06bce2857ce1c9f75e975ac906d852ff9a05acb9ae4

SHA512
f63644cbcfe80296ed8188938f75f3851c5a05ad0f95587cf68492eeda1b5295a6623e48efa9784b5ca539e19c95f1b6f2ae8c83a83db0315abc709aa24525a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
90dd989b19d8f848b9878746a4e242b4

SHA1
a0294737a78a1942c7373fd35bba9d3eb55e5754

SHA256
4c796d0d43201859453e62db5e39b445732c73591a6cdd1cc9b63589534ef797

SHA512
4e564fdf60a2a98497d047cb43b78334e5d61db304d78b255fa9206577c74982d48ed3e7b4985db6c3b47265a3e5c4062dd41d9c8a9965ad2647f97766fad984

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\72037d3c-12ac-4c06-b418-4f7b45c9f8eb.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
44395f4fe3eb84983089da62c8c43f4a

SHA1
0b79a37b6d7e1dcbcf23e321abaf55168c99c13a

SHA256
f7b2c09b9dcd936867bddf844a1fedf518eb751d8386348d44c4ec98536b11c7

SHA512
4778c43c4499ea7164fc15dd9b4dfd9cf0232f7adce227a5576168115f59e0af54ed2df6589dcf34c39afba56ef358a5c154c263734f9dbfa6634469e2995f43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
fb38c23786d06c3e27708d728e79222a

SHA1
ee1a579313476512f0fcb68426da2b66b06e7a97

SHA256
08e1cc3e3c563283e32fc4cfb358ec2d56a849b83bf4c0700af52ecfaaf7831f

SHA512
fd868589351b71067ba668897126bc6c9aa855e628be4b98cf66dda2104f614c2cad5fd073263d70d367d2113ad8ad554fb8151010ffb69da9a899fe3eaaf21c

Download Submit