hxxps://leaked-onlyfans[.]com/skybri-mega-link/

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://leaked-onlyfans.com/skybri-mega-link/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
4564	msedge.exe
4564	msedge.exe
1116	identity_helper.exe
1116	identity_helper.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3552	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3552	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 1328	4564	msedge.exe	85
PID 4564 wrote to memory of 1328	4564	msedge.exe	85
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 848	4564	msedge.exe	86
PID 4564 wrote to memory of 1364	4564	msedge.exe	87
PID 4564 wrote to memory of 1364	4564	msedge.exe	87
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88
PID 4564 wrote to memory of 3088	4564	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://leaked-onlyfans.com/skybri-mega-link/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98d8246f8,0x7ff98d824708,0x7ff98d824718
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8861688582453119436,3828529783344426554,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3160

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
100KB

MD5
e59d559fa4436007f372020e6e2f6fae

SHA1
3b83358d5756edc964cac41ea4bbed0fa446e378

SHA256
698c9d59fc43e9f17e3748e4fe8f5cd914e88851bd9a89b1f4bfd4b6d800893a

SHA512
ee9561b48a5ab8944dcd447f1b080535b4723dfde0dddb2ceaa725cd23a4788840585035242d4613a034bfe7ca859c89a5159d4e09ff6f750d0c1aca30e4e061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
91KB

MD5
dd9e1d576b299f9315c6f4095e89bf06

SHA1
56da54ed1ec6eba486129b198e2a65b95edc648d

SHA256
14339bfca07e694152da72fcd578591d9e0b4f6359a38f6219712f49287670ef

SHA512
4388de8184790f2ca2856719575ee8275a55d4b7fa8f579d432fd00946fac4ab57d27b29f6e8154c3b2cec9e762769cae730a87f984d012890d281eda7cc817b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
16KB

MD5
04bba95bc0a99cee69cf76804055f05c

SHA1
630d29c3fdfbd8b8a8a201a7e02b32ca31b6b438

SHA256
2819801c269f97def561b372bc25c10d8098f1e0cc07758e6f0e5b175e074e89

SHA512
c9b0be48c21f15065a5ebc433a0b4c2dd3ca8f2ed2c0724aad66958f99c81315f3feeeae427346e2a2035ee291299aea7aff2e7a006ffe51e2eb7cc38741921b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

Filesize
1024KB

MD5
7e36308b3b865db37404c35c932e216d

SHA1
196c4ec9e99e9b1ee0bf779bfdb55e4d9bdb2569

SHA256
65219d081b544161a183e6afbe92cceaeeb350a76ac0a8b240b5261f3df2966a

SHA512
3e35d72ae27f5a2c6716695652bdc47ef9e2ee2cd941caf2224b9c538c27ac26eae20c0b096a34da0cbeddfb2c351fc8b36b84dc36fb2ad06bf663168387f723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

Filesize
256KB

MD5
f4bcf4f9f68c50a04f90aede56f1612a

SHA1
3955d228537d6149399e71618650444357c1c1ae

SHA256
75f6bcdebe849259aa3696ad2259d190492e0465e41fc5782b3090852b8a0939

SHA512
3cb831d24d9b59d1f1dcb33e5ba832f1426c680f606ed25944bc30fb57e8ecff43d870b95d2c4550dcc4ff995517162c1626c158f74305e54e352006ce656d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

Filesize
256KB

MD5
6b43767b429a7c0757d67bc71752f80e

SHA1
63b273792687c54e8f8362bdd4bd28ffa6d8f446

SHA256
2b57bad8e6ee5ca2fcfd7cc2c3141a009fe53c438d19ec32382e9d50897588cb

SHA512
d5a007b819bef2437976df17b2e5f8ae16740ccdf8fc9552b887071e8dd57575b49ee07989de6572203711a7518fb1914aff97d158011c2b6a04c8acfc5ba5ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1

Filesize
1024KB

MD5
2ec511d17efa37cd98220a757823174c

SHA1
edc8264dcafc950fdb9564674b39650fd6441f35

SHA256
43a59253fb57b066fe36d063b6cdb1e4d437eaea8c620242b10d1888e5a03cee

SHA512
fd646dc3f66565f9b6f6dda7cf57e6728c252ca3e23687b42f2c346a4258eb5e433d5866262f213ad8b4ada050edb1d860d0d16aa5f0795c8e6adf78461d87be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a88c944fc934f7c88a79e0e724938115

SHA1
a75d96ec6929fff86f7195d5e888cc1620556c40

SHA256
3d282babda41ab365ad63ea6df340fc7e1c22a5881a15b1354d37495070e8aec

SHA512
de0f5bd2e63ce8418b607c4dd7ff62ee926fe08daa749161e9b72214a46f1e7c5228c07a1f082a02744438829a5521ff145f74c348ecaf414c30e41d617b5cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
abda00c72ee925d965bb87fc653e495b

SHA1
4e4745d14bb587db88aa525c22caddea5b75fce7

SHA256
fdcf43bd347fa3398b81d789ca720475f5a2b9a93979b494aa9f243b46db8733

SHA512
93219655793ebe98d14a47a6d010ccdc504ce94093238e2ed566b08eb19782ea01879408de80a38039a17b9619df588d498670059a4139aa8b759e66bbb1b7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
21c3f5e390e825c8f3b5ba53dcd77117

SHA1
a8f6fec21301c67ec2e822c1972be44e2b0851c4

SHA256
a5250b66cc7c5695dff9bf16f7aac39c3404a98d1734970db926e6e6ad4edca3

SHA512
6d5b6d864b49214070ab5fc41a600d461c0169d60d997ea9df896fd87730fcb0790ecfe341e0f2e20aef28ae254bf32aef0cca943aa1c25c49266873fd55098c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
d0cbf968e7c4e47b0f6f07dea275afc4

SHA1
8d65c427a242b30a193f6b508f9ad669003b52a2

SHA256
6e93f04aed464d80b50ba04dfe6ad9ffafbe3998bc25ca15aa6e10a251647133

SHA512
e6fa58724549a61da129f8cdb4f886999a708865bbc7eff6066e271085f4e13d452f31a13a8ba883dfd7abd4a1e780b35f53a3262179a6d0672a47ca0895d1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea6be600facb61536a5ecf6b0d959334

SHA1
85907ba5ed06a0ab60f7d64278f70fb261e64efa

SHA256
b52032122308910de84df555b46d40f4efb2496ced05a225aed072d0fdaf610c

SHA512
23157b3087c5dcb4767b430928359876a8f40e195f49ab7fd1597b9368420e05d4f96e326e1c71c3a1daa25d687000cae5c1645cb115b47940f2b2c77384ecea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
69b610d2075dc5e69af167f04ec5b876

SHA1
044662084add6d7de3e1cf8ad7e8c0539c766692

SHA256
d14af2a6dc0d2f56ca40eecd635080e6ff743f81c092c1d0be9197b90aec8e85

SHA512
5bc7d9b3a4470fa7d8cfff9ea88612c1aec95ad620069ba3efd355da4a68c5719dc475ce65c5c86dd1ddd5482c6cf65206f6a2c4dbca8e5c7d3d2501e9201ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
744a6dc575ee8ad3dd94c4f8d350d213

SHA1
9d374f5a88814585d8bdfd5557d4c95f072fa973

SHA256
63cc6f10e969b787615f2dbfc0b5c39a489c24ae897811a02e3e80a743831091

SHA512
e4d17a443c452988ad9454514f1f0ab0e34bcd271a949fa6e6982c45f70768bca1256354b63aa50f047a41c625db9d4e2a4dcc0df636359efd15512ede201403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
eb630eef3065e909ed00fe8a4c807e5f

SHA1
8145bfe763b39af77c7bbef3a3bf2f1f29aaafed

SHA256
00b3b38f30e54e70110d5cb997b3a2a99d6793de0ed121d85ed5a195e72104b3

SHA512
12100b4d13d42022a8d05567cf65082f2d07701818b9512d0ee4a82d1d6f80dd7bb545f091f7e8a4ba09e6877e557c602773d785194da22af1c136a001713a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2e40d054b6df482881519013347aa574

SHA1
b873ef03735a0c0b82a6c47c9c62c755a7619258

SHA256
312d2accb9a9a92efbbcd4d5abf14c1dace479aec477a2cabd2beb26198d9d43

SHA512
5f27d2136f17fe2f30e265bfd8d8f467fef68c21ee91f51e91ed73829bba0c2faf560174abe4c9383041cb02af5bac8b0cf38be9110a210aac70d6b7bfe7ed54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6c9fd60965fd632e366cb2f6e979938c

SHA1
1769c8f165bb88814f8480775f7f46850398a245

SHA256
0f3a1d0b88834e1fef9433cc550c8b67746d5a9566f82fe4a04c81b99fc2bd72

SHA512
1f0f6635750a15926b85a064f0d750ef385025cfd03eb30dbb2545c7fc25c9485f1016c081d9a3f12719fd367ea6ead64fa2599d07226314ba840882702d70aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d1782e371fd73efaf80dd59908760cf7

SHA1
db7073676d6f16c036b09d79ecdeff96e120e5da

SHA256
2bfb8f1d9f5598724a6919cd15f34c34ae55d6d841aed8cf69a131258b7dd3b2

SHA512
4ec2a43c98b6165e0e21772eb8a97e4d37409aaa49270936d8f2215ea630fdfd57d7bfa71150d8e7164f96d35b9a5257a40a8a5943556817bcf9c520c2901b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5a5fd5857bb76615768eb9715977bb0e

SHA1
e79f9e61c3ba25e4438004b87208a8243ebc79a0

SHA256
ded616d1db0c220e9ca1e1ef87a3e141b2ffd437e14b9e732d99a021ba599270

SHA512
1a61203300745beca5229239bbda797cfaeed9a5edc0d0a3b79c2265a671a544f5f0fa4d6b94c4c883157a20a91280ee19dec4cb2ce2d80e94be34b0376918e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ec54.TMP

Filesize
48B

MD5
1b4fec80e019898d05a86e340a8b4bf6

SHA1
f8166c2ad4dcbb16a4175dcc0eefac5fe5929afa

SHA256
feaa7a5d43f6725ab94e7c7f29a18ad9992ec9eca3bf1510f94f4e25d4e045ca

SHA512
30473ffd97309f88118b7646025956ead791806250d9902dea0d809412135e05403de08277ac3053544022cc987fd3976dcf002b5524be8062b8073523b1dbe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1f78633fb53f61ae219112e18b8ee2c5

SHA1
b2c421838a1edcb8ee731dcf5ea95f02bf79b5b3

SHA256
08f49f281160ee18ce370cf3c8589d76736a42228ef68ab9a5f24f4a54c3bd57

SHA512
e9747ffb6f9bbda33a5037d83436a9f0162555a5985b8b54bbe82cdc3b768ae44a2d0e71b0857665263dce08ecc769e04a309f2d9e69611035762fae9f8fc662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7583f87e678694eeabe9f271b6b3d10a

SHA1
9bf05e0aaa79af31ac0f89f13b8a766328b40e4c

SHA256
885f4bf3726c1ea3c7f19f41233c5b6ae9a5c2963282dc9b85d3d6d100663102

SHA512
0d996bfa2120fc6a2f1fec659e534bd5b1d787f4d760523457af80ede435181726a7d5695118aabfabf73711417dd8b3b6a22997f3c59a5c8bfb31c9c3884ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
70072160cd6942ac1b3f5b74803e963c

SHA1
b1fbc5d10c8bfa898fb7ca013134cba36bbb453d

SHA256
6f7c7738964a063e5e610dd7ec7433010b82bdf97750d9fd35402f2ee42852bf

SHA512
ef70391953de60330293104813fd013d407696de91c318ea88320bbe6538ac9cffc7a3f27dc04ec1c3fc10afbaef3aee6b6098c861159c2a3ccadd1a50aa1dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4f031f851ea63fe62330de78302dff35

SHA1
d213b0b81663b386dc50143d587c767d9eea9c94

SHA256
46231e62c64d7c0b14a1990eb74389dfa9eca691ef687f8772af2dceddbf077c

SHA512
2889b2116af65bc4b44b76676095e4c1cf747bbf1e25c7e44d6ea9dd655f4be395a780bde924baf5f5821335fd1650983ee5ce8d9a9b89cc5125db107ba9bf27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07fb38fd280bd5157ffd327752cd5028

SHA1
25871e9db6b0800e9c0c0878ad897474e2302cd7

SHA256
ed275b57982ea52390475ddbced1400164e2aa31897c4d1b096f4f07e6a95063

SHA512
3e5906c4dbbd4957d361cbc65cd41730bcbda533af554c980e92a8ce209296fd7da48dd64dd2a17a3b1fd76acc4b5fba5fd6c6305969778a37b5e5762112027f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
33455c1760b9b21eee8574e19ff82886

SHA1
56b28ecce3bc25bdf127f4a1b6dd682cf4d7f96c

SHA256
c82c7372bd3b4b595481933d39d3421333c706cb512f451c3a478552933f885f

SHA512
6a73447ef78f1e5d484f441ab87ec1ecdaa815cd68ac6dcf97424c3eb088191eeaea83f1a77cf753f60396ce5081d0cc4229acfdbf8ee38abce02e32ff41b1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57afa9.TMP

Filesize
203B

MD5
eb9f976c6f55e9c4e43e891fd2c3c4db

SHA1
4e24f6754c2591a4a0b9c76f1d0f5c957b275161

SHA256
625ec041e6f434fc9c6e5959c71a1fc33f2327ddd9f6cd800921af79d889b025

SHA512
b1c82d5d4290f17542a897cecc1a7028f2f89f33caa8e902f9280701447f8900dbcb51490e151cf9ddda612ba36d02c331e6a0658a3d574e73e5aa7da3bf2a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
18f4a166b0b0e1714875b802e8d392ef

SHA1
bf1de1c694c803ef52c3dbf8467e9b7b37574a73

SHA256
399520c439b8db22ffd416f9d7491666818b0f721fab4b1e93505e3598d898f4

SHA512
26677e20f99dda7b8e08620a2ae5821a13ba4146c218daa768aa71043260f9be5355055e8f62877fa96e2816d3567c74c1e6ce27f16b5a2f3b518f174b9a482c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bdc7ea9744436ff9b750da7da4a6861f

SHA1
efc81e954028736f8714e30f55002b3a8166f3f2

SHA256
cfc1f7ae92ec7defb7c579c6a5e58c52ffafc5af0c6e75b2de0b606abd69803e

SHA512
31f61a810c66b5ccc65a647e2f7f11e902756a3603711d0cbf8165c6aaa1998f51bafe00e8e48c85536c0198783cf3cf22a5128fe843b8d052e1a5a3e1b88904

Download Submit