hxxp://kuno-gae[.]com/d7baruhashem[.]com?adTagId=81dff0b0-0d3b-11ea-86a1-0a97765f9322&cpm=0[.]0001&keywords=games,movies,news,videos&fallbackUrl=hxxps://www[.]huobi[.]com/en-us/v/register/double-invite/?invite_code=bvuy4223&inviter_id=11345710

Analysis

max time kernel
1199s
max time network
1195s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://kuno-gae.com/d7baruhashem.com?adTagId=81dff0b0-0d3b-11ea-86a1-0a97765f9322&cpm=0.0001&keywords=games,movies,news,videos&fallbackUrl=https://www.huobi.com/en-us/v/register/double-invite/?invite_code=bvuy4223&inviter_id=11345710

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4752	msedge.exe
4752	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

Processes:

msedge.exe

pid	process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2044 wrote to memory of 3696	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 3696	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4852	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4752	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 4752	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe
PID 2044 wrote to memory of 5072	2044	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://kuno-gae.com/d7baruhashem.com?adTagId=81dff0b0-0d3b-11ea-86a1-0a97765f9322&cpm=0.0001&keywords=games,movies,news,videos&fallbackUrl=https://www.huobi.com/en-us/v/register/double-invite/?invite_code=bvuy4223&inviter_id=11345710
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce8946f8,0x7ffcce894708,0x7ffcce894718
2⤵
PID:3696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
2⤵
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
2⤵
PID:2676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
2⤵
PID:1804

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 /prefetch:8
2⤵
PID:1284

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
2⤵
PID:2632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
2⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3740 /prefetch:8
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
2⤵
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
2⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
2⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:3228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
2⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
2⤵
PID:5712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
2⤵
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
2⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
2⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5691733533474474307,6810336445327181823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:6136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\64596488-d5c8-43ce-8fbf-bbb10db34682.tmp
Filesize
4KB

MD5
a2488d2c7c88cf5850883fa0909334a5

SHA1
2ee9efa406e3b8568d639c3e7b5c1da62bc7473a

SHA256
b0aa50712652ec3dea2e5d3413769f0732cf8d88ac5dfb983503a182eca74d1c

SHA512
d6b966ee7a2a1ab11b73b2f447ce96c97787e67acf83ac6a2ebd95164263fd75478ca187c52920ee4b10ad7488072c18f42b20b45b75c0a76359b7b67492dd98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
Filesize
24KB

MD5
6d3c9adfa9e78c59ac67177203e6debc

SHA1
0272f713b5c8ee2ce690b41fd0420f06e69b23c8

SHA256
dd99be476dcdc2be56f48216f68978b12c737cf795db478214628b46ebf78f3b

SHA512
7e794e9d6bea9acb595769076b2de4e964da6e42e0cf8e925a430cfa438c57821ec39e7b632b0347a0261c8d278ad4e9c89cb7d9b8084d7dcc7070df8437486e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
116cc4c6e15d0016bd154c83795b5538

SHA1
20d105e8755fa9b8878dec960099e295efcc5bd8

SHA256
6903cf12990a15eb8df60e362b52614aeb8c17d7f2c3dd7dfbef2a625f69343d

SHA512
8ec872acc3204ab9bc35f65b8ed2f5b38eca2cca0b79bfad0bf7803ca36a4676d5c9d555da558d2b0422ce7857f0299e721df3dd4d3f431ae00a228fa11dfad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c8b2929729b205f5e7b4632376fcd06b

SHA1
cbe226bbbb9da72f4567486ab5db7d503002bb2d

SHA256
9b59839fd2b7d11358efb9884078183d843d817c3dc05b70a13ad98cec95a612

SHA512
8e93a0c8fb0824149b509d3365c62ea832d148a6ffdc5525ef206666887be4f7a7df3f8bbfba3837ce60a60b70fd11c0beff8bc8e067ec94b5aa11940a38de19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
13d66f2cafb5621c941cc8b86145c66f

SHA1
b4181a7d3ba66206b683a047630bb35eadb89fef

SHA256
974224d47ed9e87fcf011d39a3c98898e6df0b00627beed80069209412352f5a

SHA512
ffe7cc26f1cbe954e5eb664b6eaa545b4f9ba0396876cd0b25b502b6c66b6e1d6177b71a4aac82708b5f0af041d49298d655dda1e43ecda87111de05a1afb1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
864B

MD5
83a15a3db066317ddda8e81750b91925

SHA1
333b0339372c69d0956ce94095a894bfa6880534

SHA256
fcc78d72c3bb336fbdc457cf10e6d0b2279605237f98d8195e1119c8b8630c43

SHA512
106d85926d8cb7bc842dfb115a7d57c324345f27c78c1c9bf46858d92f6a172fb7b894ca24db067b4f9d0ddb79625e39c9a5f31a30cf7ffde9d4ad50e9292818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
7798073f5d5df68cfca82540d79f9f66

SHA1
2f09f93af15f47d26b8fb46ecf463e7867f196f4

SHA256
6956d11a0955db276f847380543a383e8fa9500b2b0af81eeb87408287953d64

SHA512
db93dc587bc293a362bfe6281c1ebea37c4dc6acba5d763af8831890d380eb0549e8b743d03bf2f927b03d1f7eb860f9090e9d9716bbb517b9d0d3f8674e6cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
3d35dbf5750729ad3813be9b6c3b1965

SHA1
0b9e463008f2be614ef904dcd6c95f8ae6be3ef4

SHA256
7e65be56fc4f7343be01a00d1cac21d0cb83754d722b9c5bd3b4b1f741545431

SHA512
6d7340080878f95f54d05681ffd2daf0d2d19b3428994a6eb8fde54805756e895c7d15152704c84d12a476afacc03938d8ca4bb50946e11449b8cd62dbef29b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
3631bc66313bbbf7e92585517aba7ad8

SHA1
c54f0772dd35bfab494dbb369791bb721e8662b8

SHA256
8abc111bfa0f1a88a116f834349823307a3cf9ffe43c8ca6184c5db3f23f8025

SHA512
3cdeeb6e26dd40397125a8692ad74d26f271b271d3baac2f1b61e8c67359d556c2adb264987d4c8db11c757713de119d7ce95a67efe6ed5d8bfe187d15cc47bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
5ca13321149c0c84eb9c5f5f0cecfbed

SHA1
1fd4e25be3480572d7902ba9cdb9e8b209141e49

SHA256
c8ade2463a1bb6432add60af8ff1ad986ec2769cfc2dfa0ed8aa3af629e060f8

SHA512
8fdbcf5a5f2936695b21359ae415c3d795e81072ecde0348b80a89ef90cc63e1f1877305367135aca5a1042637a0b2697e65997e57e5cd352d781d6956deed23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
adc8b6bb42e42dba28d9c5682cdc5872

SHA1
114e7665c5096979439cda600598a0fc7d70a7a7

SHA256
8c5cc6fef1cbc9b8815be52d64dceda637ef9f06890aedc83173045bd7ddffc8

SHA512
12a8d0b504f7a9fde45aab42dee2db84a7515d8d07241813f619e0bc355318b06364d6e6f8509d43fb465e78c7ec1a433936a8f0e5d6fa61f0a8f28f7201aa63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
b666523010f25cbde5b7eca2ba792bf4

SHA1
bb8a0e2001cb84d13bf57205abfc43c62830dcb0

SHA256
a81ba885cd606bf881c62fe2a3f50867ce811a598fbde4f2d705860b3396f112

SHA512
bea24c1383c56039f14a4e4ed4fc4c10bddfce543104461cfb5c260ea9dcf1c30efe9b2a560d014c9f332168b8f073ff71cc051069c99dfb42a18b524c4f3517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
a133ddddce4c5baf1b5de8e332bd80a3

SHA1
0c9a64ed0d46c17f613b961187792fec5066f7f7

SHA256
e9536c96629112a756be8d94ba4a8e9d97989054171b90ff43c4b08173f2fb11

SHA512
fd48d681127c5388a46f64aa1c2dfbd4d1e03d5021e70991617c4d004fd32a9c9566c14c0c639f90a352116879609ebb728ef1688a14a19ef03b27a1062574bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
001e20feb50851e5f2d19379c0e9388a

SHA1
9795946898489604a313545927fa5f8bf7cbc588

SHA256
1c8c84a1bdee21058e1f780837d0e5f47313b675473bb46fb03f5bb22b676551

SHA512
2d15e54c70a949b4657da8f182561dd6e2738049de9d57733229d53540f2a1c9b8dfcd9d308ac258072241fd17c49cc9d00d435645ee52f3e62697b0f0009faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3de124c20cc7e6538b6244a7bf681d31

SHA1
b34edda67e14ef2a80a3d1f20eedd74142cd20ae

SHA256
0447f6a823acf357fb2fb5e70ce68886d9501af5b84d940cde1fe62f868bd0ab

SHA512
12dc7b8811c62bbfbdd1a7e5fcd357ee4d2abd64c5e3172728fda503a5e88239cb037cfc6b32437d47bf09e6f7f1786f1857f816e6975263707bc12c7bb3cb4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8e65bb2a13f94af5f274896de83ef48c

SHA1
4fce840498a0b61916acff7c11310dff62a02663

SHA256
b19fe8dab6e5a12c523f816cae612ca7446b8b009043e33b4d880746eda3c48f

SHA512
3ed890dab9f170c914c481a67fa4dcbc24dbea57087c0608e41320f403f5624b3fd4bd872b1e355977cb4cd6df38e2aab5e31a6849ad3d0e11b41ec060b3d5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
7323dfd5cb3c18068a3b5ae9fb6285d9

SHA1
ad71b8132114da4c9f8a484e5fccd80fdd68fdc9

SHA256
438c94a26a04623afe4388b25499741b0d2a4fcd9ad191643afe7a923173efa6

SHA512
f52c477c1aed2cb1475cb52a383b6ebb94c3161d46800d86a3cfbb5dac172136e313fd36ce1372c9ed43e1c1a020d84317049ed68c1798185401b33568bb2106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b1ad36a928e97469622dae007e43bf9f

SHA1
67922b7f8210f40237346705784203b353a5b6e7

SHA256
c47018a0d1a9e3b1600a6e18e5a462cff6fe4a8e102b540748e47b2eb816ec75

SHA512
f4c7c6acf4a73abf27f909f2b0934e5e29741dca2575e445e003a20243e23b04edf09cd771a16ee7db903d4b392c9f4f54e98ea651380ae877d3bb664e54885d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
a980e9036bc0cde2a440a43d1fc047c2

SHA1
8dc449167872b29f0558a679388882200634b2e0

SHA256
8e9fa9ff7f8f581776c60977fb306d039838a133121f324a7ed3415b19511ccd

SHA512
ff1e448528bd5b44c3ceb5893dc579d19c598b2ac5e1e2b292ce530ad2e8e78dbc52d31202ab6a810b63371c69dc2c640729188c6854334ed951761f9fad93c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
15ad31a14e9a92d2937174141e80c28d

SHA1
b09e8d44c07123754008ba2f9ff4b8d4e332d4e5

SHA256
bf983e704839ef295b4c957f1adeee146aaf58f2dbf5b1e2d4b709cec65eccde

SHA512
ec744a79ccbfca52357d4f0212e7afd26bc93efd566dd5d861bf0671069ba5cb7e84069e0ea091c73dee57e9de9bb412fb68852281ae9bd84c11a871f5362296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
da73d035a9cf56367a8e789126d49daf

SHA1
54e3a2daec5160fb15b708ea78abb2f42c3c2908

SHA256
63f1895f4ecc39b843a1a5d9201af586226770e299f09230be697204b34f1c10

SHA512
b6a894be409a2fdcf7bdd47be0509fe35cb09ea05a012c9d07093de2d7978567125236574726a99983e997abc2a398be3bf41ab83015cbe26f71b791969ba938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
76b08b1e49023079d54de2dabb8b71dd

SHA1
606924cfd8851e5b8f4690df1c02cabc76371e04

SHA256
8e45520c5ffb0ea3b65c78d33c582bdf5a385891a83aa2a48c068ac2d94446b9

SHA512
bec1e615cbb56bca5d4d53e9ec957ac9aa600b2bcc5e9bf74b42af5f75cef49d37781227a2cf7b6103678414118ccd92b9608814d947e527791284c6960d09b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
090ab51a999b93002241cd2f3d4ae16d

SHA1
926852c0fd2a644819edc10d23dbbc56808ae9fe

SHA256
3886a1efb150b6e32cf19bcfbd872ef026487aee75086ff8715ce7024cd9c64c

SHA512
719793ad8651c1d451f8ebdfc28ccb354606ff0e3543c37945cac5d62e0bada64d0655f5684f295260e967fe354d918fec4de294288e4d7072b892cea359699b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
51586a6c08dad6e5dae63130678767c7

SHA1
38e368c5bf71edbf0e626e11386edfc95887c7e8

SHA256
bfbea68318d7084f64cb63a3f3cd1a43fd4f4ea10c0cb85325f431c5c3938db9

SHA512
a90c49f76efe6776fb6fd066d3dfdd7a7ffe3e1e769ea9a8a7e8e9d1e38e561c7724a5e4d570ead1aaa8397c7e92393c801311a41303392575a30b2ff17dab58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
853ee25a1862ed78d69cb088f88c52a1

SHA1
a6e1f98558a2ac2ef8b2117314dfc1b69d9ea7e6

SHA256
ff394aae909024a0249d00cf5c03a0de7555eafc9aa694cd1845dee7db047d14

SHA512
7abf8b7eea0b80c92d406c509b836e2c61ab339bf423b31a736a1afe274e97970dd2627ab7c51c44833057733096861049bc48ce0f02eadd2dbcc0a1156b2ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
4291039788bf969498d9e95a4fd7577f

SHA1
d96ec553b67a32a29ed31bfdb0f39160a9a4fa92

SHA256
c15fc73d96b7cd906bcd0ff4ea3a7ff6e841f5565cea529a127ee0168164c767

SHA512
17665b99150b03b43334582d79c484162e5149928050d15337f9be1f7d86a90165e7ee0b2aaf6d85c485313a4fc6ea22d1819f5468a1dba9a5e184ccbe2e88ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
7dde7b232abed7d9c4e26c26c225f0db

SHA1
05c0af0fbe43af251270a529036feb440a7193b9

SHA256
39b17837f16214fc09bb54f8a0276160b86813a1e1dcc8bf7f74941c67d5b800

SHA512
58ac6d541806970b75b667223e9e8fdf1a04f81b6cbb277275068e16adba4ab7117be1414a4f7d4e9995a463de87305605e3de2aadc811d56d0f88c7b393cd4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
2221edddcc62a6412bb938ebd54a6020

SHA1
daa3c46e48fc1ce5966910a6847ca47cc2a10ff4

SHA256
e8dbfb95fa951d9e8ef50b54c734a8bbe7da0fe87534ae70947f5ed71c3b7fb8

SHA512
9939ec135986fde8e89260ec3115392001809dda1bc02b6ca57a6f3644c6b510eec4ecaf1d4f79078c29630742c6eddfddc1468521198704fb183de4445a303c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f0811a83845117f31a200e2678d8dc46

SHA1
f578204b256479e6d0dea0194b6db7351e6bf191

SHA256
97ca5ede4ef6a4652f3e22417a0fbc02aeec259069ebe260e1a1a1db81e3f5a1

SHA512
35e7dddcb9b34ac83b49e0f59e3758c4e8dcb64fdf9ba810b25463631f4e7f41c78e3153ec43f3e29b9c9627225660319de411dd9a986db728b3d8ee546653cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
c8dce5b4c0c00813200502dc7670e76b

SHA1
8f7ca3ee0eb72080e83b9b59561e1915e20b570c

SHA256
527bedeaf5f51016396f0d94d281a499167197867232edf8ce23b6ba103a59c0

SHA512
1a250aed67c1bab9b974aac898beadcab293c18823aaf6b8f62a68a7cdf6095c416b7baf3725eee5af379842b984db34fd3ad10fe6c3e8d7b8817cbd1a536824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d5cdc2bb081d12c9319fb9854677b4df

SHA1
d2088837c85149a72c39e856b51dffe2835ad109

SHA256
b373088ce07cb64fce23619617e42649be7722890c360bb190ac6791dade8db1

SHA512
9bf85f56c520c59a11b0adb3f40608b619f1440ca50cd79f4f57e3bee9323014da6f6dfe6b3078fc7b952bb720351d31aa54f2e700976a86edc2f668e548420b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
e5fe2f0a8f5fdd39ad8a27201c595153

SHA1
f4a340ab0ee4f661dec0550b5f93d7aed604634a

SHA256
0d41e39e5915b0a4a5c45ba0c5a754d50ff145f8b31d9c5dbd0a19b4f7e22f95

SHA512
a7b7ba11985c602117fad4590b333c73ec3ba24a4c1ec48cce5194fc10103942c15ba50dc545ea8dc05d439dd3b07f868a11e6292399ad080d5afddc912db492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
8fdb640e13112a4ab7853a8644bada81

SHA1
a1c8b7e937daadcbf5653ea88df2d89f7a12e7f9

SHA256
f092bda0d4f62d66af4c566823783fe60b234469326f636da6bbc8334a3ed4ee

SHA512
bf058336a85bef5bf8c4007185168d09a3a06e67ef50896b2403d93d7ecb65884dcb462904fb3afb427ad12f6cc3ade148f391850b0cfe4ae93ce240f286bccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
207ff6b45613686c9bab998dc1dc1a39

SHA1
80add5da26ab157a6f549299b2d4ac5a77a1abb3

SHA256
2b07dd002d9306c126ef8aa23ec5fb396e8d41d398c53d3a2b6a0298a78ce634

SHA512
294800be1be23a0eaa2fea54df809821f48609a2ba46e0f904a9addb058050fc23557c84512820427d9c37afdfaee65ebd777786dc5a5916d13fcb8db50f2ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fd66.TMP
Filesize
873B

MD5
b1d31f8576b0531d9e03396189d15855

SHA1
c5174dac6e113244633169674a20fdd7ca7a1c1e

SHA256
0a60c52a634a0f8ba18838ba145127033e75a4a0c5960fb59ad6f98d109e915c

SHA512
176ea29a76e27742ddd4a2cf06edc35cabba8e8e4399351b453392bba395ef51ec1203bd9e9d4b6b91171908c94350e868d95b006a7d236569e9a3da4886b971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
9b774baa87787ce3f0c5d282cafa73e5

SHA1
462ec23928e86e2e34f5a4da57b761c097c3ac75

SHA256
cb354e0a450b66fea43d502475ad183c7b320c44b279103d2e5f683510015274

SHA512
78e43f7dbb8d1936357f70f3976b743512bbecea89fe10d38ac48fd1174ff0e6f19560bfdc246de49015b83fd472ac0722de7575911cb2824ad49301c07cb647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
c1eefcf0f09e0ef4ad5416577573a47d

SHA1
4776cf301fa1fe32e43b9dca96791d48c7e9691b

SHA256
899bd2083dd8f043730cada16caf9f54a97b184ec70eb90b151f5d7d3ab6cbb3

SHA512
7056799aff034c0d048e1caa78319b93980e5630f5c244dcf6e5869db98a990d19b6495715b4200b70f6301cb2d43aa9e16dac445f07f7605f07cdc70bedc200

Download Submit
\??\pipe\LOCAL\crashpad_2044_SOKJTQOKQHPPYLKV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit