hxxps://app[.]box[.]com/s/qt90vh66ih8b9ewhcgxbwps69p0ce1f0#pdsplastics[.]com

Analysis

max time kernel
600s
max time network
594s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2025 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.box.com/s/qt90vh66ih8b9ewhcgxbwps69p0ce1f0#pdsplastics.com

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
1396	msedge.exe
1396	msedge.exe
4060	identity_helper.exe
4060	identity_helper.exe
5904	msedge.exe
5904	msedge.exe
5904	msedge.exe
5904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 2376	1396	msedge.exe	82
PID 1396 wrote to memory of 2376	1396	msedge.exe	82
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4772	1396	msedge.exe	84
PID 1396 wrote to memory of 4772	1396	msedge.exe	84
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85
PID 1396 wrote to memory of 4792	1396	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://app.box.com/s/qt90vh66ih8b9ewhcgxbwps69p0ce1f0#pdsplastics.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9255346f8,0x7ff925534708,0x7ff925534718
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4073684565459303835,13348308328902124180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
30KB

MD5
ca6e0dcaf6fe11e3b4d4d299ecbab7a6

SHA1
a637b13aff3baacc733eb221226c36b71a3d3a7b

SHA256
f4a93cf3834c5f3bbbab2ba619425fb1415050a847f5bc12cd6b0bab5e68074e

SHA512
fa037f9ac77644d641bb6cd1b18722be3cd7d039738f8770d6a09cf7e5829b1602a772ab643ce8cd683a0d11e62c5ccabbd555fff25f77c39034793510543ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
17KB

MD5
570ecf58efce076d58dc61e7502c1295

SHA1
811db6899fe60e38e73bfae82ffdf0116b353533

SHA256
b5b40a682ca15ebeb15596946bb9a4e6297acc71c3174eb3b95ce860e1812219

SHA512
b8ab817de3a5081df6b1037f1190ba7128e89a8a51a13d2c7342418159fc2f4b477fed6c30d9df6a41cd626b449a164d9e5ed7f869b0ddea44b6e2b4061a2c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
18KB

MD5
56e21246c1805eccd26999115608c301

SHA1
652faad9667d47ea57aac9c2bb04c76f332bb2e6

SHA256
d20fe9f9c62fe9fd75018c9283ab1330e5009123673b61ee48f0c52bd193fc5e

SHA512
52acd5f7fc296c3e7c25839a6c363dc10ee1c5f0f67f1657588239418d866a94de87e439b6da21cd941fdf038e48e4f329df32873b90ddfded65b7850d0eb134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
1.3MB

MD5
f26b170d5e76212154afb7e1c529e6e0

SHA1
2f999ece3263d585ab4c072fee79db9f95bb69df

SHA256
1792b1a49218f7464b4b4e3c250e79592bd62e33b689ce3fa0b12fb54ea39203

SHA512
563f33eedf4429c93c3600ca8fe66af9d7cf1d70f8062eb6555f885bbe045d88cab08fb53278d086409e0fa896ee84c99e13eb6593ae81b77576bf63b4a33427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
17KB

MD5
9f5ca4eae2ccc39bfdde14175c858e9d

SHA1
af1a16824987eccaa7d700a00a8919be07574f36

SHA256
da5fc34d77182bde17a2064532954b52ee90fb779358208c8db0e97e04a7b5b3

SHA512
05b8b539942d30fb5343bf4fa95e043e7a01e5495093a76d5f75c721e477c5824449fdde5e6cc68e5124bc6e5d0d7428f14883bf1d8acfa3fb044c1d157fd8c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
71aa93576fba2c967c0181f0e9d4f115

SHA1
0522568d2acd7c1b4bc15ef229b0cb5a711b3bfc

SHA256
853521fede5e307015abc297ba130ad62625aafccc2a720bea454e455de28569

SHA512
a7d70040d35770df9544ca6fa1f10952672867a1d7643de4ca40824048a5adeca05d5938bf5b58fa46a6deaa82f09c3d2b85fcebc77ca868b7ae757be67dd8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7e47510f56b8f2854d5803af6cf06755

SHA1
100e14d61fc00d32e2aee4c47bcc56d9e2d44dd0

SHA256
89a52fd55fcb9d8dd93a1dd2aff86269aae9c6ecd4c5fa6ce7917cf6553b1522

SHA512
e1891bef556b3785ca0a63749c31a52ccbe85b82e0ca3b6b4de56ca8050d59a12dfe7238f4158279a86ea05610a0aae6cac037ebefc8a12cfae523a18aeed4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2da9c50f630a1ce9f6af80799ce31505

SHA1
10fbbcbcabab80335afa0aa3e19fe1a6e83ab46c

SHA256
3961404605fe4c29e832ca9e32e4f55359e41b53a0db02fb1ea56fb503f3914b

SHA512
e718f9b1fd24de73304261af0d59327560cff8405418f4f8d4ab433f5360284567995481de3c389735479726dc375c26dae5c81f29d3cc2d43de5f954c544ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b06535ef6a8caa05476b66f378a5f9c7

SHA1
9a6037410aeb211e71acf7c5fefbb0941ad46870

SHA256
e74a387ca1b57539053ce5b318bdf0965d50e46ba17710fe6e15bc4a3306b10f

SHA512
2f97b580e7072466c2d2bb952d136564a439f6b02237b412f9708704f4d1d2c9940ae6e56a79dee5cbc2adf9c3de96f1713e5988889279aa2613230c6c48998d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
7c9b4938f3b68ef32baa98b09ec2b561

SHA1
ea2c663b03d0e7e7d9fe0560ac3dde755d8d96b9

SHA256
e54c72949ba6b50282e7659f08526ea50eba8552af22eaf137bf2efa582fcd6f

SHA512
1a6d87f6f81839d722dc509548029ef59b155898c0a4a25be1d79581c9f5a3ba5a985520d93a1624ad58d98ee4bb3e148a8039245d2d517c42e6ceb08c6903f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6a21b0980153a621f35adcdc0f102850

SHA1
11de6d28f888fed30e551792183e6c444fbe2b29

SHA256
c8f9d2767a95f3d8de6c653657cce64187fc2a9222cd0ebc19bd6b0044757c3e

SHA512
7f817783af20563726821d421e042efd878f880e5b5675106043814dbe069a0c514fa8d45559423df23d52ef57f6ae4f32b02e10e0f568259f2a673a847b96c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
767322f290a7392e4ace3e4166ac201f

SHA1
cafbdce52341842106c98d51a91601cb92a65dcd

SHA256
70259f56163dfb5f2e84cf05fd6cea78fb61fcdf109a134269571def8f4b1ef0

SHA512
39e475749df43f25c30cafc234f758b013acc84c33ef04f84b2b9f9d5b56d0d1ef26b6248e862e22f81509fe34b10bbce206ca8f003e93f93bce1334b7124baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a26fb0ee6d8b846102d22482f76c599b

SHA1
67dc863146d5296c22b9fe3cf8b96e75c3572cc8

SHA256
5958f7a273ee09634790fcea1e3bf95d5f2cf32c7fa07f9cc383fe0277ebc358

SHA512
5c5393898d1c9239db15b87bc40d00c287a84fd0e1c1d48ea9ef2cf9abbeeb83b073fdc20457fa90db48d7a0321d5bef927c366beccbb1adc4279e36f9b3cd7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
17b65dcc4705e0fc371773aeebeb5a68

SHA1
e25f3ed2f654062ab6ce2a1e5c56c37d923b4fb4

SHA256
f40e7210b14a12b70d6bf25893c56b8f672dbf39e10f36d206900159e3085605

SHA512
18730e7681fcab815bc0cc809644b4cdeb1757c8faaf08d8933869addbf1e0995f77fbca9cca3d8a5c9127a4998e10f7bb85c48489009d5ff866e4406945bbcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d174ac418c3eacf0cceb3c997f690800

SHA1
faeba527412a62a3d4a91c6a5cd6dcc5cba7e9c5

SHA256
5e8684157779b1d3bf7bea21295f3b58cc901caae6a638eb5e749b72320a0827

SHA512
8f6e1af1b1f54a7ccd41b7c22503358f262f9fea181a3d8ea63a62a8fd8108399fe6ba27733dee7240c945a7d8061e57dcc5acc8fb6b4497099835e0ce18690f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a10f45e599f83b557cf9eb945fe806ee

SHA1
aeb71f07f1c211029cf8bf9421d0815394eec30f

SHA256
053ded7b52c3845856312b201a23dd7a04f3e4d27d063ff49845b274a3d1c8f7

SHA512
b8c0e3bfa45d726acc39a7a054ab79f9a9d09b390824e564e6b0ecbe78f0ce1cfcbaa601c67e55a977239a3d99000db80b01c1e1f92c2bcca1ff2f6fc865ad0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
763dd4a9544357cc349160081aae5e04

SHA1
4ad7794e512d2e33d6a8aa01e4ef5f2bd30839cf

SHA256
aa91e36c94ae8a59a6f4f06523821a59d4ef263ec5a8aa1b8d17bbcd4371d91f

SHA512
7183751af880b697def0b6e778b857b1de966baa355447e91ea53aa6461ff7c48cd17f57a502ee1c0740750d9bf8b8c537423803f340e46858fba9778ec6c8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
64544f747ab02c6eb9680ee1419c820e

SHA1
d97450bdeb4ae86b01baae3d6c3bd7bbe36ff55a

SHA256
41618b8ed81a2e277a95719628113a79b11de93ea25f405fe047fd75337c892b

SHA512
5398c9ca746d7e5b44a485694f3a72523f61bf48f586d2269e163e2d5498daacb5430fec3f06b96da0657f655cdfd87e0a64077620a89fea2baf7caf20bc6d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bfc511f7fa100b12cb7cdd740d212840

SHA1
94a7848b52d6e24edcdbabe88e89262404360491

SHA256
15bde6da8d388242d8b29bd13185a0ad54bf9dbd6f20563ff336cd9aa4f0676c

SHA512
a15947765da97eda08c6d5ce8497f5e2433f31e55406efa39cbfe789cae1dfa946cb19b0b07829c9ac26ae6ef9e3879a0719dc455411a892ede1d404bac3976a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8548178e8ec714abd8ae651e20ff0a97

SHA1
4c5d3a1d6ce62e108f1f50af8cffb6bbfe55a177

SHA256
c4defd8f2a68f7b1868f6ce5424fed9c177c6a9b922d6b04c632553a6ca03a92

SHA512
ac0adf78e1d0eacfe3561a181c4b24357baff1519a37ba0fee39f3fbc1aa19bcb108aad5e9ebb7ec15dabe2cdcaafded3e23d2f8ef88b2ebc7f4ab65c3f89ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
10f7d3848ff6f9dbfceaac70e3b61f15

SHA1
8f67fa1cda229cfbe04eadf1c8e5f9e9558ca413

SHA256
b0bfa17bab8cece1cdb98a414c9de0805564ed84d66a4a5f119b75de46e58d38

SHA512
106e839292792a94c3d3bc77d642d4dcc9fe0717642910b973c40d1c5d6b1ea60b9788881f96137280b62b09b39e41a136b02f3bab25e1ae7e8869cd3725172c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a58d06e8674ca11f7d09c94771d786a

SHA1
c3e055067042454e84d9c2b1836fc504820f111c

SHA256
ba4d4a6e245fee3048b744adbb3705a77e94d6606a46962f12cacd06d6818345

SHA512
e788ff2449370eb1c1c9483ba34926c7e3d45546a2ce653c0ef5aedd2139c135767edbaa65b6e6af9d1e1b6846fc6084600846b120b2b869ba325704e206725d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c446d9bd1f09fbd743b114f7df8861b7

SHA1
aab2caaeb231b8d14bb4ab4387873cfb179be85f

SHA256
4fe54643b075c4d41feb3a516cfd2b65d832e2660d524374d473bf1261b25ed9

SHA512
c0e57e9235ec51a70f6c7e059e37cf3112441389aec410bdc878e05066f7e0b2f4457b87819189c686ba2a6b78deaa9a51f22c042969b1ec41daccaeeeb1c55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b337467adee81244d3cbd62d5062ccf5

SHA1
8f034ab7374f179f5d08de40a9448b1dffd25c12

SHA256
6f9c2d81f10c0e1a3a522bbac7d432c8d40c3505091536b6ed503b4fda08a3b4

SHA512
e9a587d143e61817eb8ead02ae57119f3b3d0b963a939b1ca8994cbcf37b585bc8b6648203c67c2f540922806af1a80e1a159e1924ac274a683fe45061fb3a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
458cbf1deca72e820d09b2e34743e7c5

SHA1
afed673bc1015955631700c93c18faaf63a562b9

SHA256
061baab7cdeac5e8450fd56ff5285e6c5b794774a0c90ecb214dd2d505bd4e63

SHA512
02f6759b9c4e22360da8db5fc3440a03def3dafe087e4806727e6e61db77196ad7c4b45fed07c69f55d2479ce30d69af5343f88f2f6576f3b536975c0686dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9a9d2f9b69f0ef0bd339fd370baee56d

SHA1
b561cb92d691f59864ce2a3ac5ab656458f60f84

SHA256
a41acbec5f49605712105310459adb6e4ef867b1db720f1a94622921460d931d

SHA512
d388f06eb133961769d5529494a87824e9820b023728c3a54487420cf9ac23337a60f41cfcd8d6ae5eafbb537af4257cc0f98bb9d2dd133387eacbe0ff1e779c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c57557466554ef2c75a528e85ac237e

SHA1
5063f0a4ce05b2657639bef26db3a69563dd3133

SHA256
1ea8835652678aa23cb5acd2bde59f40f5e94f0224a7660577f3832cf2a4990a

SHA512
cb19a3396108a615da0b63a673782db225d296d925e2651a08ae7bf936159250818c3e208c486e5661cce895027125ae19e3933d4b0a2891704a864af028ef2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b24f0932477a5a296b6d94f6779dab63

SHA1
12beaf8f243c26f0d2d0ceea44471ad5933caac6

SHA256
6bffb7c49658527f49f8df453d4bae5f7d6a2fa8c321d77d6ed2b0c6f1af41c4

SHA512
0deab51c19b27f0dab7d74b98ccfddaa865c6a8a83dc26f95904493bc629f857a9b12c3cbc1e39fecdf2eed0af58423cfce0505c840f3be59310e159a3899e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b1b4adf25bf10b2ec14a9f01975893cb

SHA1
82399a989773c6ac2a22381ccc7d3953e633e40d

SHA256
670d7992de01235c1de7e21e4e41deaad0cc15f804459aa869855a53b1c0710f

SHA512
1baf85cf811a7c23e34d37110bd24a129d584f795a8bdefa53a7677c0467aa2795ac2cfa6e135af8bdabd31f8946c616cdf791782de502b7171c2698ed2c0ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a6470daac43deb710afce1f4b2f5ff91

SHA1
75efb3605548a7c23a753eee6babd793b87cd292

SHA256
9ce9057002a0d858626fcb7d61153d192c1732e5f27d3aa2ce7bc2452227e065

SHA512
01a5e0fdc3b7c7b8fc64928ce5b7729a1d57d6057879e6af10a1d0f404d992687a4537e0c6216f3181ff13b194e40921e722c48739cbaf5917f8253db91f5e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e6dcdc4700a077e76c8a8807806be0d1

SHA1
af685cb90f96d99ab6ec35def4bf5dc51dadd56e

SHA256
c7dc3f0133e51bc8720527eaa2c65a2037103ec62ad67607d068ce8319369e5c

SHA512
9356fe3a6e2f02068fc41679411d58ad2359e1aaa76404eb47bc6edcc5fc9c834aee4f68cc96342276a48351d79e6cec844a462daa554a888e0be488a8232c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
52b1ed48114f09e6605a6060c7126fb6

SHA1
90f9f9a26d5657862a741af2f6fe88c71d0e140d

SHA256
cfecfa41e727b6c63d1d78e58a299b524f2532ecdc0640f35eafcaba7d6d9e24

SHA512
f23decc16128cd0430ef2a636fb6ef8538d4cfee08335ea46c5d47724b4b228bd9d6ffe250b67cb1f7c49b6fba1d727de53f5dfcf170fea9bdf138f3ecf04fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dec7dda04d4f1313082f224d1ac9b463

SHA1
aabf980397ec742ffe6ebbbb555a22df69d61d65

SHA256
c9d22c7d4b0ab35820d0c6fd4c9583e945c5760cf289ae6a953718792a0aab7c

SHA512
8509b35c51f9e19418d19be417129ea76f8efb36177978f3bb1108b847b32eeb006431e1edd1b9b296d7cca13707611629085f07acb4b2aa7659a4087a962a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d82153655b2e9f3ea349dd5b307dffd0

SHA1
8a988bd9368f88e2bf73cb98bf489ccb7e60a110

SHA256
ba7893ed0fb72924ff638ad21c244442f33ffaed713c7ccc9a89b3d1702d9813

SHA512
094c2b76e1b114f0323c6f6f1235e481b2e697aff8ae3b15e17631c2d99113cdf04988cb492f9fdc75597455bbf2ae7f2522ba740170b499a6f7da63a4029a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
37e305d161befea098529826854b230e

SHA1
0b164d01ceaadbbeceddcfa9b2d740b1775c5ef5

SHA256
8397588ae06308494b965ca52b9509bb6138da51818d7fdabd92edb8c54cd371

SHA512
3397b4020dc2b10c1be1e7e782d0930b4260608301e6928ad5a9a3cd452089bf42af24aa6cac5c3926873353f4d38981f26dc527561e8acfa8b499e7af63c45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
67aff08c3b2e7e49b6e72f37fa51711b

SHA1
ae044f13ca92bef2548bd779b9c64b1276941193

SHA256
2b6562edb8f2f10de4f924a3a25540ec9391aa4991cf823cb4cd43a24a95de51

SHA512
138df47494ed86c8f60d33fbeaf666b0c0a7a297dea72041af75c05552deafdcf347a8edf682a7256fd5aa41567ab7405148bfc80652393b7c46eaf160c7c280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d88a9df6c4725b864a712ba406d5e158

SHA1
0f93b5054e7e7861b5e6646c7691c64429306cd7

SHA256
28a0c18ee3e00865abd097698fd0498ea9243b867274dd271db6a68d4f78cc7b

SHA512
d686e0cfba4d55a9a13273c127ba6d41b240f5819b7c9a0e735737f20b5e1f62cb8dd84d561186ea97c74be4ff2ad16f96973b3c10ffd85934d59d64fc393698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1da5ab093a01f9b175fc8042d7c26a5f

SHA1
ee8a9b6645642ee8396a16c7f54449a93a21668e

SHA256
51dcc222d1d46505fbb5e7ba2c1347c7e2abd4bc82cd4a6a2a11a01f33dc3525

SHA512
a055c0e71dc8d783f32b4142d5025a434065f2428876195bbb61798978bc1c304d9d74418c386b3cc3a21045908c737495ade038a262cf13e979986cee68c091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
719e460a5530cc7fd3c9236e47c337d0

SHA1
e490242ae96b41fc093d7629f670990ec3a74bfd

SHA256
12698574a47c5a2e21cb8a199408bb973716c926d0e92a359893a1384688dd53

SHA512
f3ed56a24cf10b59dd20f8de3aca37f546e2cdfb073d6bb3a5f3fbc094e66c23e20118d2de7ae15f6d8f09484663674caaa364af28e38633a4467ff16222d86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
876B

MD5
5cf9955b592a52ac81ad64dd660ba2f7

SHA1
9a02d7b4e41afc77b9854200c5bcde4f60eb0d00

SHA256
1937515b1993bad6e91d6cf5ba27417206f5fbb544d9af82490ab96413f7e6a8

SHA512
07ec982bef033cf9304bc84fb5877afa8cd8ed8af61d5c0bb616c1e72e576c08eda0cbd4b27a77c1ab4aa9e963465fc27dc6733e5dccec9dd2b808d9ea848b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580819.TMP

Filesize
876B

MD5
a2cbb272cda46aaa76c277a9b16ad17f

SHA1
1eabb7ce533494d17bfecae8d51641f9ab92dc50

SHA256
f629ec21a3816e5a1d2b44be278beb4b6a021399acb553ce9e7b5e28d2393476

SHA512
21060bbb0aea0e7f5048051617b545212147e8248be45e4a47e77b55b46198396dd8c56593360309debc7e1dcb6b87cdacf347b5c0d934f15aae2ad958fac3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
065e06d72d769e0f95aed5ec6c4b94c3

SHA1
c9f3a8c76a082f7ba45584bf70dc49a66e18973a

SHA256
66906f188a434c1c2bf13d7418e769cbc6ab00020c73b2dbcc359af3dda2afbe

SHA512
e8556e8bcd119b87a2aa38f25f49e29eb2d84e65282bb585b7d75dc6b20349647126d2a95d19893300d0f61a8d0ef3675c8db6cd8a771575507ab313c9b5abdd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit