caba108ecd1e8601819b9863c8f790b8f93f00d607e0d5a2089bb8148905128f

Analysis

max time kernel
540s
max time network
545s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2023 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

StubBuilder/Guna.UI2.dll
Size

2.2MB
MD5

934c47fe3a9a700c9bd7256918ea2a55
SHA1

5b4ab5482adbe76e4ad27c4a3d6f1e24e2d1082e
SHA256

93875f9056684dad7f345ad63a9d9fbad8fe3c83ae9bd82f618a1e1cb5f1e8a6
SHA512

9186860bcba7dabc22812c42c4ac941930a561cba3e2dd54b6234dd068786f690302241e42a747d2cf102b1fcd325126c3b6f9174cb21702c6951847ac318ec1
SSDEEP

24576:7YiAs/rXPAYkqjW7CedtntpzuVHt7hyFpASvvD9oA3cPPEMvDbEU+rHQ/jza:7Yk/rtujLYVN701mA3v

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1722984668-1829624581-3022101259-1000\{EF6DDAD9-E933-4353-A05F-249AC205B529}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
404	msedge.exe
404	msedge.exe
2700	identity_helper.exe
2700	identity_helper.exe
4608	msedge.exe
4608	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 3612	404	msedge.exe	92
PID 404 wrote to memory of 3612	404	msedge.exe	92
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4908	404	msedge.exe	93
PID 404 wrote to memory of 4020	404	msedge.exe	94
PID 404 wrote to memory of 4020	404	msedge.exe	94
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95
PID 404 wrote to memory of 2416	404	msedge.exe	95

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\StubBuilder\Guna.UI2.dll,#1
1⤵
PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff167e46f8,0x7fff167e4708,0x7fff167e4718
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8303392302550723322,5420715968733281936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
39KB

MD5
6a3bb9c5ba28ee73af6c1b53e281b0cf

SHA1
d96e403c99c1707f82ea29c2c1f134e792c64097

SHA256
2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740

SHA512
6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
357KB

MD5
ec8da516cdde6796a3f52ffe0f79951d

SHA1
18d024255850618420f2f46a9ffd8b49f4036dda

SHA256
6bed19f91e8c01e321c347740139184c6cb1fb6bb5bc878bcff507c8c1b7b3a9

SHA512
64b63c969c86fa94aee85bb2e6f8438ca7aad3a6965de47935ba904856b1880b54844f037e7f3d494ac23849172c70231aaf414376975d5a57d77a7b9b6b199c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
84KB

MD5
d3b0d6d2169bd711e73092223450a138

SHA1
943761acc19bfcf6adb7ace89f3a303dede8da4b

SHA256
f19848e7e0546a08d3397e7cb59ded3b3eae8ba3b62d456a7c5217f25bea5ae3

SHA512
a22b26e2299e5d27855488d08323e46dbf76db8493b3ebea7d3b118e7c69e82cef159237fbc00b576eaaba43f33f519563246635eb87cf7012eb50a3f1062789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
70KB

MD5
9985c020154ee9a945660caa9c202423

SHA1
25f53251f2bf58ed4225418a1261b278893a8d6b

SHA256
b4f04434a6e8804d138cc95f74c839f0e61bf8b2f61670d5ec9a84eb038d6028

SHA512
4dbf9517b3aa80186dbda15ac71b31708a6ac0e106d66168cf1e54e4b11dfbdbf77490af93fd21c5073f1abe8fb644cf1e8a8ba9bb297bcf63db8c38f6b2ab90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
275KB

MD5
ef39aacf419857219b689dcadadbba3e

SHA1
bdf1527e5068d15167fe4d00a8f11bbf4559d5c1

SHA256
3a28051041c5471da5888e6cc09dc8764a59c275afc07b9ffdb5646fdf5ce857

SHA512
d06a7b4479adf82e330e2c3ea3b0f07d9f8502176a9d3507392a5a6b94f2eeeab60cb70f6fec98ad2395f615844835947e2f0e06eb53b56474cc43b42c5e5ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
172KB

MD5
62bcc76906f17e87b57c95a6646a1acb

SHA1
3286705d70bd1cfd651438a7d6b241c551fe3a11

SHA256
1e36592cce7839ecf7d7d73a071e098ed471bccf5c3a29729be27bd3bbbfca67

SHA512
3bb158b659ae6775b0830f77b689399089a4ab0ec4c86a7be528c376d9126f7ccf5d11e08f07656fee7d3055e3a616639f6a54c6553df4a8aa08a13acb441470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
41KB

MD5
127537d2dee7da97cfde9e22bb9fcb73

SHA1
a63af446277bb9c5d9e17d3ee193b0662b18628a

SHA256
edb8e34f0dfc6bb244af4a8cd67dde9130fc2b48947ac5f847f07da8505d2deb

SHA512
884dfdb37f367ec7c07060d1196fd28a8dac88ced7edd1d6a699b673f76b2a452494b7045a4878e687975d5dde7813bd99bf17f74081f823fb5f467ae4e4a88a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
517KB

MD5
0467a5c768a2292c5e44332671780f5e

SHA1
18021b044fecacec14c491e0d0f30f36ec645939

SHA256
48c7c0b574b70d5dc6217d501494ee8c4d7b41a401e33b2b2a1dabffcea18d27

SHA512
a44c1bbec1877a7142b5a964e63355f548fb7a6c745362a7e1a1f5e7a5377407f8e1c5f69d52cf4b8e2e300cf10c6442aeaf08a58714752e6d89083336c7deaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\279054639a86d460_0

Filesize
385B

MD5
68fd3a5ab709d44b7ee772110a8e8322

SHA1
e621219616fae44314bf492f7409f04c12762de1

SHA256
36054d3cf27e6248d77343ee8b1c1373479fd27d702e73fa14b7af81773524a0

SHA512
58d1cdc3e3983d281eba0ffa332925cc2dd1e201b2fcbff4a5a18d3f442b98dc930b2d56df18079cf3fbb18ccf70dfb2a58fff913b168ba4acdaac1083e2206d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88e0fcdd3b1c8ee0_0

Filesize
142KB

MD5
86608c24af98046d6b62cb78e8725b6e

SHA1
a502538f16c229197c3440724a7946725072aeb0

SHA256
16e3b73e086c8e4051929fa03a2127ac609ded8561431c5a1b6dfdbb3cada2c0

SHA512
7f2df96d9c17398e2731ad79070c1eef67219843e5e4f4e9628675bc7b8833ab49d99eeb75671e6ecf0812544de2016fd7a775c65357b1fcdee4c5038ca5f61a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b5a73f3695dd47ff4023b71afea8f7e9

SHA1
16f50a07c401629869084e7265e815ff4a6c3cc7

SHA256
5d4ae7d2f60dbd144c6e37a54836b2b2d905e3e7dc25a3a48288f5173bf6400e

SHA512
de59628d3b748f8940ec0748ea6f7119d351dd488992781c75d6e54b5ac1682e32dfb4cef8c1cdae7355ecb09d95aaf113cefc9dd26a8f3a717d7bf608e45035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
27a94b7ba5562be9d5f88e0db4172aa9

SHA1
b09a07b4491c39f64fb0f3e6b143fcaf4a556820

SHA256
f06ff17671093a6ba2158f2ab60a681ed977c402735acc78af3eacaf658f0ed0

SHA512
3519a0bce05e92976a3e07250c2bca67e8b718b6a51dc9db28a080f2e8d7835bba6f8686a6279b88b147e5cb6858a8f19419fbe6831409c2a06d5ef6e75d1d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
01b58bb7580894768de50bca93d1f97c

SHA1
9b427306fcb778fe7d089076a1fc2847756693f2

SHA256
c8ecdb46888ae15023967183ae613863d6065de9a06ec06e60c806ba85b411d8

SHA512
9284603fd084b2a6a1fbfc6203eb2c698b6e58f5edba72bc4f992090f95e7510b8524ca6ae2f7ca5ba6a229724031d65ce1bb9f5cb1591771c8673c353e5e262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3aabd081e0c23943deed447bfeadd4b5

SHA1
3436fde26a962ca2b6130bdc5efd849834597620

SHA256
f67c48c5062d3634e2f145812a90add1e55cdf391e766bfb2b820c6a2e4a7f83

SHA512
714d34f3edf62549064a5bfcbeaea180a022d61dce7e7f9b3e6417eb6f23fa790e29d86ba7d463433c653527de32a892f0d127ac46261953a47e7faaf6af28ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b1a84de5af3cffe7fa854af6ad2830b3

SHA1
97fe1d86fc3b26514369d53458ce672b01eab440

SHA256
2558dd5168c93566e036d62f1b25f45f59a5026ac9ecc59e5d7d01c16072e8e6

SHA512
1234a603880f4a76f7ea243b0000a8c81f3a464bc644ec1d56e8add5fd5bbff931cc5f475af825e29b2d361f3d4a974df3494759610abf90225555fc56369cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
476a8ca19e579a62d45141c3db0480d2

SHA1
2d33a9a47eee7664b375c702433f6fb629221b16

SHA256
9496da5be85f45128aee558ff6b574b8f558c6c8679f298726e7ecf4637f6d01

SHA512
12feb4335b7de48f3b10686c2a198b4cdbf275d90aeffad14fbdad016125f0442d8e62f84ce6405cbc7814cdd1ee19a67887eb406c884207074fc3d269e9b89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
442c701318220cea4dec77b4006990e4

SHA1
b2313e2cd0ba82940d98564e5a22cff97bd1e494

SHA256
a8857a89a5af69d433f66931ba7e898bfa56811173d876535a75a39c5db5793d

SHA512
5331f27570aad4e6cccecd5b956bcc5501a9b13add9e00377eb9093f49f56fae6df10967439880ec15d075918fa5fd4c3b6fbe481268a0a3a3044e30940df0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6926dc487d7bacc9cc06adea55b1f405

SHA1
46861d528d6f39e92e628fd3b590ab01112ac4b1

SHA256
3e2eabed287e46966192470c7ed70251b3b6fa107b8dc943b10bb748b10dd010

SHA512
68e7d5d997533fc0486c0feda23e2d14b0e20f43c2534982a12c0982a7a02c46cb7f24c8fe9af6bf44fe84795fb139478047195778a56a4ae36f23eb548b2f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7510d00cbcf756ab08131cd0e8dc0099

SHA1
21159139372fa4a98af2d1186912a60647a96377

SHA256
15e4079af4c58c768503746c64478a8df75a7521b8c070bc49ebd2269c71b73c

SHA512
12f40e2b51502955ece17a4a95c4184d76b5fb0dba32e12de72ebaaaa525d599e2edeadde60962453ff121ed3d13e99473c2e95f1eeb66bc434ff5f88e00d79c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49fd0acce8961b85a9e8db0d4baa2ce9

SHA1
d8d70f241208f7e289d4b4786f379c2ddbcc5542

SHA256
ac4ed779d0efbe634c3c263e3050a717b05fc25daf61db1b545408c055ac2ae1

SHA512
c2bbf733845634bc11e18a8ac9a473afa193af85d9123f98dc02a66507cacf6f1a28fd6a19daf2c93e68270a49e66a3260fcefd1116760f610d5d8ef90c5e9bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c045e1a53fb36c009cf4c97371c0995

SHA1
e1dbf669389eecaa39073056d37c68004210cd06

SHA256
7081f40056f2b0edfc996206fca0287ad1af622fa6385269202c4429784942a1

SHA512
3eceb33a6458a28c53bd7a0a3ea348a475c136d8dce61e23b38b15389d257c1c2654fcb7ae243fcdcccacbc550f53028016b6340958591f2e736d526d055d0d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b657da0033f33d458a242b14179c83c

SHA1
b0b7b32e326f391ef8c96c1761495f4e82c65d89

SHA256
32e7d9a11a9c29bacbdf8aa6265680a00a7c4cd0174ccccfeab16b954c4fde2c

SHA512
6e03c18661ebe89e01689b0f75a3061597525cbb6ba73cb0a80ff3ec7f5dfc801b4e9704d00abbe3a98890856c78d4f1cf026def39637bf248806f83fdc6889d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ce6cb93de5241d371d292a26d898e6e

SHA1
0b38b6324b8b101d82ec45bca651c65e5aa63afa

SHA256
9898a69d2cb5943cabcecd97414e34eaba3d4e47fa3180a09da7cfe56e84763d

SHA512
d940e755146c8f0a719ee701a6350f882aa6bc362ebf0ffca3136f14d868dbe8b518b4cd0d11437d94667c61f9002bbc34ecaafd3a579a9353b038d2fb689020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdd00a750856866102cc7f9f3366a219

SHA1
2fab3d2f6250a651783fa0f653173721e6fe87c8

SHA256
e717d75082827542b1e4ca4e294a94d14a58d34c859f9a3afbf4428e3c0cb5f8

SHA512
59a7b7ea026632c53a453c353ba654b2bd76d079fe62f458d3875a5240b97975eb51c2cdba29113abd343de7a8072ec373d279fd9a352fa60361e4bf84f889bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93bba72fca392bb8963dc2f6cd8be7ac

SHA1
a2709effd6a47737503b4ae134619b563354c7cb

SHA256
af2543dae47640a780335f2181d2ffa0b4431c6c5daa94cabe10f37d53703d23

SHA512
a09b51d1c07ae55215cab551bb515e5a4e6e96706b88b6c9a18d44a860db5177b8ddb736b6df6521daceea2b6ff7c56ce30ddb528b3b0325b258b3eecf8e08a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3de7069a6b6060fa0f069b7081c6965c

SHA1
bea87eebeb107aaa6a66961a400d8cd7a303e573

SHA256
d6d8d26d826d1cb7e0362f73dac1c04fcfac16be7ac64b2339d71d9afc0c8ae2

SHA512
f0676cdae995023618a4edf40a2ac24389855fe60dde2b5e62b4ad724dc8a448616d11a6e224da3b71c446884f774cc0a02a5795b92e43215c673d66ccfde29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0f17a9131011fe94317cdaf9f7dc481a

SHA1
fb7f58f5d3e566a3d4b64b648d566703202501f7

SHA256
3e7d8f9d932d138abbf0907a628857f837a04338f6f80c3610cb71fd2aa929b5

SHA512
2db1bf2c8e21625f118879afa98ceebffc945f4934b5c079882eb2b6e711481db19c8728ab0a0156c3583c01f6f034861c5dc207ca85bbef23af6fced9eccb9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
dd2eccdb9974f31554171db4f13c2682

SHA1
7b056172ac5219dc3c64e6518a6245c9c9ae8e8a

SHA256
f1fa6793af14c32ff54fb51c512ac4010dd5d3086e152259d1bdef8b8cbfacf9

SHA512
8eedb26663c787f15781a15a39f1498e0843edc173f3fc295886deaaa9bb7925951d50ee882c01b23d6500a67d6327a920d5dd3fdb30f79867285bc70ba464b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
859e84118f9029070189485cc59ba408

SHA1
b799120d18171e9115b35e3c1135d519b86badc5

SHA256
3538784182a795c17a55732a51c6b61bb6ae218ba83f0c29fe2a936e05eb9350

SHA512
a244f011688a8451640ff840281810b8ef892f5bc6acf61341a30de160f1ddfd71d5f66f793ef038656d682853e31052b84b5ef8e6462fcdf499d994f7f63836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
6528e55ca6b2ebb87db45fc42ea54726

SHA1
91a61aad208b31751b543fb2ad621fcc7b12527b

SHA256
d69e2d64f381cffcf4fa20fa26c925ebaa29c9d7ed1ad9a169c9b1aa829346c2

SHA512
626248f84300920249dc2c308c16b6636cbe81ec830ef3cb0c59e2b9559d740ddc3e08b0d54e39a6d0d0db728d7618d652921840e63b9b093d4d60bbc4352594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
fc8a119419c6e4eba77a30999c973c23

SHA1
00b99efb76b648941cd8bcbcaed06a065b368b45

SHA256
2b94e07007a921222213382f965fd515a7d2a51375f76cb438ec0faf0aeb4b3b

SHA512
4aa54df64b9669f2c65cd9476da0ddbc498a572ac7db40078d639cb68c077b13a7e26f6628de16b6a0a52d37f4f349e4925c7de740ae9b4e6a049f66b1945559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
d876d22ba44dca0d0b69d0bcfa9617a0

SHA1
f20efb579bcfd4b8f4331d807ae704434bd504ce

SHA256
eabcb7a1ac11f68364652ce52a0ab089e634f7f4a56a7263cce05fcfe8c8b3b9

SHA512
343a1674a096e7cb61b7aa343190e6d9d5ee745b8198018ed9f116eea5553b83295da3829bcbbe16d04e13da788337b68e1cee17cc0b9d026d055a85e0d8b528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d87a124173704e5f8b3c925a436455c

SHA1
36d438967f971b2c0a84bd69c200ba68f6566d93

SHA256
e42cf4f2a0fe01883f0e08dfd07dca3319e257c14bdd167bbc7fc78a9b31eb79

SHA512
1b398db30e1faa27d11acb4dee9d91389acd46cfd9ebe50cab1116d66b501660a062231c55957ac055fdecfdfd7f3250c083e9b77749683e3f0fde03e11753a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c01ead0ca3a28bf8620b495a983b3233

SHA1
7f19de42ad30924c0803f52a6f471a424e3029a8

SHA256
2654f98dd0ea23d5037bc39255bdd644c3a04ee8d9c4a7e8934c166d0342c534

SHA512
126ea2a632dc21e500ddac662b3333dafeba83f2524b592f38fc8aed97d9f2436db56bd2c63904fd3f149e82712897d8da7b8a61db9458bf82137295f714b547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
c6b06b34928732902ebf302d54f4d174

SHA1
0c895fb30ab930b2e688cbf162b78f1136dd4818

SHA256
7883225dc1da3d696f10cac1ff20585ea3c8647b25acd985ce4269eb3c61debd

SHA512
b409b53236224e347311cc765569a47994d0e75e3736142eac66ace615a22f501bda75d7e85b0225248b6ff292bdb5cd01dcfcd91fac3aaa822744dafcf7848a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ecb5fa78845cede3194b15ff896455d4

SHA1
948aab58eac9ba27a52eee6f1b0b43c57e466e45

SHA256
ae3acb226d7e0dcb82ea83785a35071285f985ec9fcea7c298326fee3096951f

SHA512
96325928c063c7f1464f3a1b0222561dd6c7aa5e2aafd28a344f29c0c8db6655ba4a5e7eedc728821b5f1e207cf0be3cb1834845fdef7cde54aa18c05437303b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ad0465973c1441c2bcd1a413105fbb4

SHA1
ddad8cb0b7da3b48ed1cd47df9f9f5c9f57e6628

SHA256
4895dbe432254a1cec808adb56b199c3a5a82a9e01d1113c59ce08ab8dec2291

SHA512
111feaade337f451cdd9bc20551ba2e14d75d8476da78858f4c550afc2d87295cd59e10e4f06cba79cf4b17d4fe43e6474eb237739f832c951c32fa25e1bf67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59fc48.TMP

Filesize
702B

MD5
4bfdc21372bae3da97fb196f8f9508a8

SHA1
166a89ec4b10771e8827ee9c035ed7cf2f1937ff

SHA256
bb4af8d22c082bdcc7f5050362176a9d005fc00a1bfd676d3f8894c059a91c3d

SHA512
bf6a2da75a4532e09a9dcf16bb8419d1dfb52a50e67f325ee799f6cfc06824eb84cf2ef4ae3d5f2df1e8f1f3cd28fb74e7363c7be830807f634806a2038e46ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
267be4ca173bd5073d0d007bbfd95a1a

SHA1
bf72472b1817061985fcde8fc29725f77ffc7342

SHA256
0e78289fae551146a728fb04202900ab46a0ac2afe5e60fe0b8d0f073ca5000a

SHA512
f5fe800f9e26e0f3e5250598ded1b0c20f6acf98d6af2c65ae3156d9c5fd914c2a647362d1f7c6280759b6c1381af6857c01279a77662046e93754e1ac1d4400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b2cba32c-d24b-4217-add1-76b440f2483b.tmp

Filesize
13KB

MD5
48213f812fae7b0a17f313d02386aa69

SHA1
abeb57234d4d92cefbda4c97c74e407c27b1ad91

SHA256
a89e26bc14030f689dadbbf968f827acc4216be06437222d577136b0cd53efef

SHA512
dc69f89cd0ede9ddc0ababcd8395d4b5e8d49c83aba4252f5dda3b126ae613551229956138c500210378f8194c778ea7b004887924b148953bc405f70bd709ac

Download Submit