hxxp://surf[.]dev

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 19:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://surf.dev

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
3100	msedge.exe
3100	msedge.exe
3872	identity_helper.exe
3872	identity_helper.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 4780	3100	msedge.exe	69
PID 3100 wrote to memory of 4780	3100	msedge.exe	69
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 3080	3100	msedge.exe	87
PID 3100 wrote to memory of 2768	3100	msedge.exe	88
PID 3100 wrote to memory of 2768	3100	msedge.exe	88
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89
PID 3100 wrote to memory of 1272	3100	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://surf.dev
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81ccc46f8,0x7ff81ccc4708,0x7ff81ccc4718
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3280 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15527917961383265872,14455208811723829303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c 0x2ec
1⤵
PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3300b8028991d6e234684db7803b66f9

SHA1
96df26150566233e1e0201bf17b4ea896861862e

SHA256
5b7786b5ae4ba62b88bdbd0992a8fd96b37e4c7068e2fd23d0b33acf769d00cc

SHA512
2f2dff4c24d4fd60160f70d544059bf02eca983309ff46bb7a1cb4d7c413e291c1520842e1922be55a4058380cd041cb6b4d9e70cdc5e4e00880fe13472df031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7f6a4b84d93993fde98d6553834416b

SHA1
4b4a227af10826f5a2f2e9b232ddb0336b3066f1

SHA256
843a9671b3fab9337d8d600e170f9ac8b200a2faf63b5a8cd16f157bcf73c21d

SHA512
ccfe39c47109dbf71c74ff6950526be7fcd521462f80e69e27388a9757d7f1adebf5f723c46b1631ffe3e2b4aa5829655d556bff8bd7e0f9f87fca46545bfb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
40KB

MD5
734ef54055fe941cd4a4c1772add5a1a

SHA1
8e102e3bd90da4145f232ccecd0793f3a0fc4669

SHA256
308c4af4a2c8233078b9b6c8b7d3b4f338e3d99962d2d3d50e454a2acaf36b0d

SHA512
da01d90ed049fcbb4fb9cb981584b4d885546d4fcecd8289688c0acf19271fdc2e06cd9f083ad18ec1700d18b95eacdd7ffd5c6b23dabb24cd7cbe2094744eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
22KB

MD5
db6b7daa4d324a18d0dcec716c6e22f2

SHA1
435880d5023a1037da7d9e0a27bd25023471381d

SHA256
ea1651d4da736ab36d3cc94ed5d9cfa8aed18112ec6770a43973e597e0d374d9

SHA512
6b866bb5032512b73149c6153fcabe8edf1f105dea3bd80f84dbf62292b20e47e4bf7ce9543dd7b8f745d029962bab8a54b7aa2db91c5be212f28ee564d87ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
29KB

MD5
c8f14a62c63e02b31f475d5ba7111e6d

SHA1
d4dea786a748e1cea3512a2367cd9559fbcb5261

SHA256
c48995035671714ce6c5370e077c92e7b2b7dc977a04cb546df2488755280139

SHA512
b0c074820bde3c969b8decf6579853e6c238e70f7151533a239f221baee63449bd6bd75b0f690ff281ecaa47dc3965929cef77e8a00ebe1d01c541b250a792ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
54KB

MD5
bbe34da6f60c8a8ac3ccb46277eb23cd

SHA1
2c3698498e2dff3e721a0f190b3b4fc27732fa6d

SHA256
939b25d7cb0403ebc7989239ea361d955719c3a5c8128d4ab93e1aee30daeba5

SHA512
e0b9a5ef6f547b7c01faa6a64e15f941394881cecaf6f6c06dbfdeb7617ced7532158ff8f92313cf4538f54b2c45437f627e7ce64f7afb9b79927b50c790845f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
7fcefc6895c87c757b231620e0143540

SHA1
9dd41cda3d23ca283aa199b2e64a2b78e5387a34

SHA256
3ccc70a2fbeb8af35ac1d6ced5d143ee75a71c0b609f81b72c5b68d2611f5fd9

SHA512
1c9c0461229c8e62187a7315d8f471098fa9d89ca203b292a8c275bb64ba8ba3f9822abf313def4b14e24908890d9abc0b3454507312520e21437db0456aa8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
67KB

MD5
e955830f435a5c668dfceb2e7548200d

SHA1
36aaae32c16e5c193e015a5024f5f60fb4957141

SHA256
fccaafb1eaeab369a2af869f4a477155addc638cacedd03d0ee79218f3340476

SHA512
8f5c65bf4f7141916a417672bd70b7d81f0b2bebf3a3ef3c51c79f179e855d097fb409dc3ea3d824f282ae50256180441b0bb050d5e7a6fde843536fa88de13b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
32KB

MD5
79db8d0e98af036659a9511b0f10bcc9

SHA1
13ee80769d9a4e31fe146033c7dbeb02cf45e55d

SHA256
714cfbc8e4b3f224102a517dd5f39c85e114b27163602159deee4d8c4a8602f0

SHA512
421388af08f8c97ba1c3fa033885ada88565fb90a0fbe51eba265e6ddb8ae0b891d75d4295cd178370a863af62b4fbec11cfe5b78ed96d30581b26c289d2539c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
83KB

MD5
4b2aac811d73c7282afd49e3daa5fa54

SHA1
2dfb59a6da3f33d1de8319ff1d88e2e3265c2917

SHA256
95f02fa3f32e89134ac500ffadec13e3899c77bac3989d616cc2fc122d44bcb8

SHA512
28b25615144117ca2121f47ae551f8838e7c86409b6d0bd5fb28e859bf7fe204f464557602cc91ac10f5457f832929447a89da8303ea7405c6c44f6772706453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
104KB

MD5
5aa26fcbe657822b210fb970895a9611

SHA1
83f2e2c3e5eeafbf191a90b9f77f41f1e53a8fa6

SHA256
048571ab756a1ca697775fe11ef0c6109431f84f21709f03e3f28a3769db9ce2

SHA512
9461b9760c7b5c1c790a1dccf242d69923123872e92627957c82c5c6df43c080bccaa36a90db1f0bae3b7847277116d7d46093607d6e77dcf37eee1c491159b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
70KB

MD5
c0724f039217d091f9354120863b275f

SHA1
8f3a4ed94855d9f15c11b404bf92bfc5707e4437

SHA256
ffec0caab72eb85ddaa8457d457c6e52b63b975f9700cf44b636dfd2ec9c6be0

SHA512
d7dcf5335bf69e21dac9aeae05b518f07e9094265dd1d3dce1883d6c66657347d02339341ef63f52bfb729d6ee08e3a6e199c18a1e7cdd212bf39fdbdad33bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
17KB

MD5
c61a51e3bbf34e9d99500a6aa1124ffd

SHA1
c88e7439ad055f864ef448e977975e6fffc3661a

SHA256
d07b15dc0baf367c690df55d193a0e4f708e4f1361837ea0265d14c88957397d

SHA512
60e9f6166bd6c0ff196622da9e79d242f20ae3e0aac184193643ff294b98ffff931262f54c399b5ab5ae21874f8d27562f50123fe587b0b6a0d413c3c170af82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
72KB

MD5
ee45ec99a41c56fdf6e7582b16749f79

SHA1
b5a24caddb8e7b49010e31318290245535d8e2ce

SHA256
5a93ff63e35ddcc34f6210229ac5da8eb8ba2fa71ce28cff5d2c11b563dafc89

SHA512
b7bf4464a87942c7e104b7d62749bca2cbd19a0760198718e7bc4ec86f8a34e991ad31e1700494746bd592462ae1330c6e9382526299e99e2543f06b3e7f6acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17b2e27639606477_0

Filesize
242KB

MD5
6903647cccde8402cf615de2f76a8853

SHA1
bc126d7b221d0290841e1968b960ef552a4b2572

SHA256
adee74ab840883ccae99c82f6a815297f5dc70e869b6f096991f9e0941c94f64

SHA512
8272ae18752fc059496d06658f4494db34cabd611b68223e50135a46461abb00a3197423a6efd241a352d40ae393b3bb0bb0994de3dae3bcf4fd36e65ed48d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2efb72ac1e0f3a6a_0

Filesize
3KB

MD5
e8e5b340730dae77fd26f68e17a866e6

SHA1
ca33c05c4cbb11ed73ef1599e1bea19df8edfea5

SHA256
4a273889b6d93d0a76e2cdf34753a0fb7677232c503a313aaa8f0f6c56b8d62d

SHA512
c3691eb4657664b9323486b28ccd1512595e2746ebe24e55d9f8e9cdd4eb87b83d9e44cdd3c4113f5a64839919e61e7d490f4e207a2f7f9192a07ede94e9c68f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3961564b63e967ef_0

Filesize
75KB

MD5
ae30732740e4c051e3eed1d3f2547c24

SHA1
ca29ccf0644ce9a403fd998f6b49c4dbc00571c6

SHA256
57e91cb3b4b6070792cdb27e4c66eabc1087ec42b7153de8b4a767ebd63b18e7

SHA512
e48e9f52f6979552b7dfc84a9bd9e3da6cd104da43cdea1158c1515aeb1f922f58b9e03d81d7c5c6a01416acc036ab09421247f126b6b2a1429ae5b8399d3edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f72585f87428ef0_0

Filesize
276B

MD5
8a86fa7274132045b6c15654f0ef5433

SHA1
81ebccd19fa8a8731eef854d80d42a89c01d4c79

SHA256
6c485b4b7463f5db4178711e5c8e9a41d1ebeb2597b41937cf4d2f71da24dfb2

SHA512
aa40eaab6edeb1c1774f9514ee5f2ca55ac17b93de70ce3cdfe31502e8f406bf2c9017abf4c5f4d1c0b9193e6cbb591c29e045d4bda548aa1b95f085956f067e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6dab623aae1f3f6b_0

Filesize
257B

MD5
ade54515731755e412da5a67f6654a5a

SHA1
d100e73189c1a2ab6cdf4bce0ee112d11d792e4e

SHA256
40e691f00cfd724425816beb5f5b18fc75d341bbdd91fab66f0d74cf57c84b78

SHA512
0c9fa2363f7e820f70c1270927767448eacb015d3b58067c7a92a9a7750e2a29505361cd53d0e7c76010761e3ef89c447f78ee2faa861a8589b201e6f6b19dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77fc7457c04f4963_0

Filesize
497KB

MD5
4eaf8c46e4341eecf053bd58dd572b00

SHA1
18214cb7a8b7b93695326fb30056c005515c9551

SHA256
3eb9ed4cd63686867dcece268e50a91d65ed6a8265ce9591ac4f6c3b4d52b493

SHA512
532c7206ae870bb67f3598066a228d31ddee009365b07b6d152c9f63626b87e14bf69439ad7ec0ae1d7dc0d1f2b8c585c0427035c34d417406a040eb384282fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\814e453b469d8cd6_0

Filesize
248B

MD5
300ced359240a87dac268ad2de051b2a

SHA1
0728f0119d6a3cef75e55c13b4725a3279367e31

SHA256
5e8d460ee0ff28c880a2b9b67efe3e6862c69a3f27e4a522232250fe66bfa13f

SHA512
abdcfca2b2560bd47d6d7af3821fe2f26e2cc70ee58975876c03b420e76c206c4c2c51cf68fa1fa25a011362be115dcb45ff484e6f077b8295684d3a3860d558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91b472495a902335_0

Filesize
28KB

MD5
577ff7f06d1027f38e9b568f18bb8fec

SHA1
50b1430a5278974fe0a50fba3efb2b74f4ab9a3e

SHA256
139271aa9e3f7a4d8d931707716e321c61ca15acb887f5a475055b4256bb956a

SHA512
9668aff3350dc66beca509884c303d438cf5709a74d7cdd00399a0cce2f28306c860bf767a92eaa6198c10cc9c1723bcdbffa36f0bd1f9698cbd3d5aa919aeed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa24d676c55defa9_0

Filesize
240KB

MD5
b4a0dfe823730d1e41e18e90b677de12

SHA1
675f371208115e9e3693f035e4831e0082203326

SHA256
26a86e1436ec651910a401d680c1a0af3b7db8ae5ed6dfd8b4bbd26afb1f018c

SHA512
1afb195375956b1fbeacbf23be2989fb0480c751c005963a7f85ed9d5f8a3b45cf778c20bb2b1c7b61cd277ebc96c9fe7e9243a8a16b10c1eb3a5c6e9e3307a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b330fd56ceb19952_0

Filesize
14KB

MD5
6d9af9884b0a2e0495e070430718711f

SHA1
6bdcc45482807a9ed6758800f70d8f79a3131113

SHA256
28511e6bbb57934f007894e8ea98ba8dd8a64bdc367699d1b81bc413eefb5f36

SHA512
c9dbae44227b2e2ab1f1c6030ffb688cbd324036a424cc98f6a0fc4b0a6671357b507bc3f6a4d84cfcd23b978dc3e5b544616279e4ee070180fe47dc8640bc24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b88327f1ac9afb99_0

Filesize
6KB

MD5
dcd27e77fb3791cd7f497654b8950b95

SHA1
c36d90e925503f83086994d13c88080abd335a71

SHA256
6631806fd720219cf496cd358283d5c02941651fc743b38f07f4d7122d15142a

SHA512
b7c3fe161983a4e1bb887c391f2526d941f176c8e4588c97eb22c8f46ef6c9f580ae9c8376c0f2e7fcf944e6f365c19a7c5e7d7ac7c082092dd9e762c82b95e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c0aa58e5248a53b2_0

Filesize
238B

MD5
9c0f21d9945835268591096709091b5e

SHA1
008ee43d008e19034fd79115b4c2053a7616636d

SHA256
24600381f11326d27fa06de15f307795604a07b53cfcc15f25c1543e10be3cca

SHA512
bf984c5dffbeb6704664d09eadad0e7dda5de52846d5185efbeda9e1b2084b44a56868e0ccfab4d885d3174ee1936b2db700c9faba67793486071c8875776cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
b72ff4cacc1d8df094201ddf0ee61399

SHA1
b179b76d00dddf808054100399dde1eb7aefe825

SHA256
fa8eda5fb8ac4f3402a721af5157c1f5c15e2f46f9c5bcef66b5585c02151516

SHA512
49b717d1099c1641fdc9f8c45c31f6574afde236599b33e4305f05ad7c0deed872ef70511e297ba56931e67ef58579807bb04b09508ab8bc1eb01ecb219d2448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
cd031248195b307f2f4eaae8883b842a

SHA1
4f4d65689540174d3b84ae09e34543e8a1974c4a

SHA256
be39c24401061d420b7f43b11a88b50706c96226989e37995c0985fd872eaa34

SHA512
1172a7d1e6dfef30b9391377519eb3d3e223a8a56744567ddde1d6088e069025f3ec63d34db3a8f2ddec7be40fa929a87d41592c1ebeec98c466a06f53633e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
df8b7590ab351d1386dd08eb8e8edf60

SHA1
99e5ec7a2bd53524e29ba5e773699edc5cbe21be

SHA256
04990db177eb2f0997a4704b9dc688619a00e308cc65d32957f8845452c9e5db

SHA512
89668fee70b827b198b2a520109edbf25152258223dd3ffec226390fad19d9eb1f9159adb81e4163ec9362fdbe1f6e296452fc59a4144fb92b402e3386e7c336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9adb861acf8a0db636cbd7a66b0f0e74

SHA1
e28c7346c49efe84799cc4ee797d65b9cca85d0f

SHA256
aaa11736f0b7b67057fba0e0fa948ea62aa53a95afaa824eabd883a8b13881e0

SHA512
e9cf0898232708b039c492b4b6469a42d6fa17715c885722bbd94ce727a6902c10daf58a1952eadb1afc4ad8e0f24f3432ed7a919f25a0bfb19f942d7415543d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73158d313b2d0e3f620dd9c19431678b

SHA1
272f065f264cf37d59ed261bd0509e97b2a15d98

SHA256
41375bea7139eab17ad7d5947c436f3e0baa09d7afd315f259b516e9aaf5ec35

SHA512
3fbc604ef2449c3b57dde7bcbc9e7d42afdc3e4601e9bf751d099a12ec27428725eacf57f386dca33f8dbbb4eeb8b7da0cc711dcea066d937ff18d3fc8b812bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0cedfe185c89386a71f66c38dbcbff17

SHA1
c5e2a47bc8fc312d0e5d1076015f5579209eb5bc

SHA256
3eed893c6bab48d29252695835d6ca1bdd3f4e97170628cfff8138a09c5f4a2f

SHA512
346b0753380450df9ca89cd750d98f04b8c769b405b5c9aefa506c92a0407ef42c06360a3d04142a73f1497039f12cb426df28470e6beca26778843ef5768261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1518d304821a0b6389dcc6284df89ff

SHA1
353d8b7ec1d92a8dccc7c73e15e24165d93b828a

SHA256
05d574df7d882b657d5436c0430b152d39737f85102ddf75745c6fa5e42240d4

SHA512
6bc2fae83e3e04de266b738e836e6875b4c736e18ad13902be99d18e4f37ad210291ddb14ef43a8ff6e78a4e94c7f3b80191cf44fc24db94c4a81d2e21b943b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0ad4d718ccaadb2632f8d3691b39821a

SHA1
6eb1b9c970302df6c0027989136628d34e7c816e

SHA256
0dd524ed38a47e829796b33f8eb55f9937805af061c2dda032a16e462380ce6b

SHA512
c3bcadad82f61f4bd080ff756a0695f81d78657d548672c3ce54efaeffc9e70c18c953f8500feaa66a3d898d6cbe68e6b30c92f6e42c3632dc51ea4145be7208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef6f31e7e780550b8fcaff4d4544766d

SHA1
80f34f607731d0425b6184f09b0001668f5c9bfb

SHA256
a9b6a64d4cd327f72b129623d97a36bbfa5e645a4ad158bd143eaafa5fdf6295

SHA512
153671013c2f4644f06bcc8d02709bf2ee198d7a0901ad67d263a7dc0fcc0f699ea9bd20fed59dc5e65045f128ca3d089a440110e1b9c761df15421b96137598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e2e10c2edebf6b1e62caf1f94aac85c4

SHA1
0d858ffc20684acce158b6c68651deb9fbd2352f

SHA256
e72d2182639f4a94b6b04ca39aeef586dc03de3ddfccdd95556bb15189ab77c1

SHA512
6f03c001156aaf3f134947bdedce359fd79502cd465a3311ee001d3b39550e7d3ba1f21b98e3eb7f01f8bfda3f05ea34a68ae81210546868da5855bf3b2d8a06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef3cfa3d94436a528bed9ab6256721fb

SHA1
b557101c60edd10e416a8b6a5d54503cad808050

SHA256
29141e0b02114b92992f4aba1b05622d3cff8920c9b1045f4cbb5cc2102771a9

SHA512
33a9f7519d7c2378745d844ec2d8904f20317146751e8e843a20e704224969b63ac938cd594239558a434165cd61ca27d02bff05a01cf1a40d3bcfb68199dde1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9273593f2cb8e8e66d5eedaf1bde8e7d

SHA1
94cf851cd32f1b9341f9c8b0c4e2818356e53afd

SHA256
530d5bb69856e0d9510d350521f7e5d39bf0250c5aade3520ff87ffb008a9076

SHA512
60feff1c12237c4fdce32e3b77d02e5df6b23200fb9a49189080a7462ff72ad5b7e2d9c5fd0725c3af6fa7cf3a513c53271102663f4d81c9097e00166d9de097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d51d14385cfa7cdb723975dbabe91cd

SHA1
9c2eed86fd9461f8f6adf31db22e27b4100cde8c

SHA256
c15afee6bffb82ac142df50b2d0db572e42762f27888ef31a2ae8c290222e604

SHA512
0df0bba62f75ac207c14e20784cb132bce8a4270c5d6386b1f09ea5ba229ac1675cd9ad77f57ffbe97dd1ded987b00a69cf696d4c4c962c92173ac51057f24b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8b0bd41b8627e3c0185a11cdaa1e15a1

SHA1
95a7fb819b1e93c1a27a6c5b37fcad4f94229c0b

SHA256
5b85fea7c7c46e04caf94427dd02a5026b3f2bcb146457f2663da8897ce0f2c5

SHA512
7bc5255f69947f930676283b9954816d63412f0076ab94c02f012e9c39aa246845b6ae4d32956b34c0e675e92d68d0b5925929676654ef18233d66ef5d9757d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1231465e97e56ae5515ca50bd74df204

SHA1
805e64dd45ab473f7dab255668b16d99c6a72a78

SHA256
cfeae144d8818b3fc76f195d39201438923471428571a2c965f02f37bada0051

SHA512
c21f27ab315ecd8ddbf1baeaeb5243ae1e184d0a6daa213a760e991b1c29315e1709302a1756b6a41d29930bfa35ff6ee17328802a90e7c67b1b6d627608eb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08c6734e436a6add37d4aa6f7f1bb84b

SHA1
a1fa5b6046f14c0388fe347b7f40d59cb0bd50ea

SHA256
bb2e8888304ccc2073206937a7307ffb1c3333f00a7292f252dc805e7c78df0b

SHA512
5e0bfe71c89abe6340746d728788547173b4170a78b8a6023ab1881dd9dc96c58a5c07940e964a17752ffb2bb95a7b7b6477bca30a83277fe371b9599e09cf2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e60b8f0a08862cfdbb6b937d061b896

SHA1
4420feb9143151f51bf3c0da636f7695ed7e2154

SHA256
02a6c6f4b8bce0f5754bc6ce7d2d8d6d4610da968b5ab7925635d9585aa790f9

SHA512
c89bc6b6472ce66ac26c26d507b69abfd13b4231ad7e40afe17f46bb42d61292eb5e3edce6ab52635c312557d06eb48d5cc3c786c62e337cfe7c1bb99d9df9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5514ad812efb26d0c28e045945b74d9

SHA1
a0597b5ca1a908ee41ae85174ca9926103c51739

SHA256
88ad0b4aead36604e71a5c607921b3ce76e32977b794a34b742e066f2cdb75c4

SHA512
39e303ca0eac7b6c6ac7c00d590c54e503b4e22d53b902fb52889db1b3b1276cac16eae7e3d401514577f6922bcf8f5ca0275ae1b7232b8ca25dbd1abe1b6dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60c80fc7bf0ff109124c7c8ce774f2a2

SHA1
9ddda1ac87f81dcd4ecdecc743d049faf7ffae63

SHA256
c581b08f7cd0f1ffbd83f1832391d839f1156a0a0e817608decd608b8fc09920

SHA512
d7844b6cacb697079cddb7864737a1d4a107d30eaad11a4d86f6c5967c58601860dc95c3069031e1487b73c0486648d2d4ebea0ad6ac28c1a9239788bb991302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b8c0f6eacd181ba4ce6addc8304d0c7

SHA1
cc7e2007a363c7be8bddb478b5f3ba4b046e509f

SHA256
20313d62c2e291d3535cb2f65858b2bdef9945010dfc862f946b5e025cdd9b51

SHA512
a4f5c52b7cb0949f11a7c12dc029670d8fb58fbd0776956ed51ffbb7c7e8f555a8b1c9d4c0a7a384510ddb5477129454c38cc227b22251c0a50d249fea022d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f5941f9ac896b84eee42fdefc55a1794

SHA1
2da6be24ea1f5081735f48ecb17fb0f99d3c5a04

SHA256
73447ecf73f579ce57adef8cf17512843d20689dde782a0d4b42c3e12f81fc77

SHA512
5481806a646456762d751c3302f83e96e0a586ed156cd57f3fa015bc5c68286ce83fc6caa3ec26aee6970e6e48329191817290602e0790959852084f2f965e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d55bb6da52d2e90788adc5d59363bb7

SHA1
d656d562633a07f8a9ac1a845590edb5ebfa1483

SHA256
7db168994f256500d683c1a9ec8715b1999a483db764e1d2e93dd50c8d1ae96a

SHA512
4a76c30ff23536fba010ac055b12bb89e63247e8b573bf91da849e95246e4a15c5764ce86717a8f4477496f63c2da02128d323db364d315cc5a434dafe73b25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57becc.TMP

Filesize
1KB

MD5
dc8a1abf02fd96d99a3c13bafcbc793d

SHA1
4bf3e6e79b6417a2213c0e528f1b35f57b312eee

SHA256
b35b2171ef402c25d6f20cfe1a7861605581c9c5e6532463249f4c5b134e7be5

SHA512
0667e70752015aa5a76ea3adb3db850ce110cf97500c23b938e6b9e45c1ba44b2a920f367a9c093fbe8aee1d29eae974bae77e46b005919b24c0d7010b8d4476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e9f3162e176fa4ec2ec61ad4a3e2bf9

SHA1
a9e6b5e61ba805031fefed889d3e4116b436edbf

SHA256
5e74edd610859fc30d1e1f9b36d552e4fabb5dcd66a24e494a333ef69137ba2b

SHA512
f81ca82b52f7428101ac8e208276e6bd14aee0813a3c816d6c42053bda518c65934aaf27897e49326e5802c3b1a0e0df80e189a6728feccfba8061d9bf33cfb7

Download Submit