hxxps://github[.]com/screetsec/TheFatRat/archive/refs/heads/master[.]zip

Analysis

max time kernel
360s
max time network
361s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/screetsec/TheFatRat/archive/refs/heads/master.zip

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
200	camo.githubusercontent.com
201	camo.githubusercontent.com
202	camo.githubusercontent.com
203	camo.githubusercontent.com
204	camo.githubusercontent.com
205	camo.githubusercontent.com
309	raw.githubusercontent.com
196	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{77996861-5949-49F2-AB52-41DB885D14DE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1480	msedge.exe
1480	msedge.exe
2580	identity_helper.exe
2580	identity_helper.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 3272	1480	msedge.exe	90
PID 1480 wrote to memory of 3272	1480	msedge.exe	90
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 4920	1480	msedge.exe	91
PID 1480 wrote to memory of 1784	1480	msedge.exe	92
PID 1480 wrote to memory of 1784	1480	msedge.exe	92
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93
PID 1480 wrote to memory of 3100	1480	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/screetsec/TheFatRat/archive/refs/heads/master.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8218346f8,0x7ff821834708,0x7ff821834718
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2548 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,7608312847195372223,8941069377417891039,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7140 /prefetch:8
  2⤵
  PID:5796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\15adf48f-ba8a-40db-b655-3b38eb627ba8.tmp

Filesize
1KB

MD5
bf3730a16dd69aa65e779c40d646e1dd

SHA1
2c59a152d2a912b7255cbb80784ac967cf2786ef

SHA256
be83e86057848909214df418e0008ef438536e74d348839c326ecd4d6656a6b4

SHA512
5bcf9ba251de800f86f5cc6f83570774a74ac5f7b0f570787431a3915032abac847ea08b9f5dede17acb1d4aee7344e59bc2015a4df91e4937a560eb3f028e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
49KB

MD5
93ab4cf70b3aa1641a4b258c3fe03f24

SHA1
cba2ddecb8e019e6e5a91dcf867c6d6094f39b63

SHA256
d6c2f9f2bb35841cdb53abb660544e6e6f44e39d6542323992cc1c63e998fa16

SHA512
70fa907afd9b52ed54a3cf755e394c40a3ff7a83041540b435cba47d889c1c9401afc9fb23a5e879d85bed42fd5df40cd7540d428b3ee7a9cdc278a314770884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
24KB

MD5
43dac252d21bddd2477439e023621c6c

SHA1
a7a81cd955811fd15dad91f443e0880d7aa08d79

SHA256
fedd9610bd4c2237de2d9eebba3143424967690767ba25ca7ab369f7aab3bb4a

SHA512
cc5aac6a7e47a0548ebc9a606eff04d175e1c76844160069bf4787349be6fe897cffd1444f9c00dddc214502ebd5a8ab97a1527d219679af894a28858de40fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
44KB

MD5
1965b62e56b6d4757d9e0d74c86dad04

SHA1
1c1c809a61758adb130d0ced642d2d1c27840f4f

SHA256
37e4da4156be306303e3457c6a903e741bee2d8824042f941dbdfb8a1b762b8c

SHA512
228623aeaa3931d49192b2fa4eefa9fc81f04c1ffe008858801313914454b7443bb3dda2c01d8242e5e47641bfda5fb66b75067c7d789859d4f7219d35ce5fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
22KB

MD5
6c0d7b869b0581b57bfa61f385c2ea91

SHA1
c26d2c58a8b6cd2843ab8db8cd48ff8960bb9daf

SHA256
5c9fa7df7f446408d1aa91e9ab4d445b0be2ba4adc316c0bfa5a19cb0376b1dc

SHA512
11f7883bf9d439c48343639fd610fb7b1015179ea434c0aa5e3282f9eab24dbd3e5aee3f4fa8d65e130bf8938c10bf790f29b4c9f4f476f2fa7cb176fc4e191d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
63KB

MD5
aa6ffba997d9e6535da1a2c26a004749

SHA1
9ed525230c4bccae34454a71adf723fb7479b53b

SHA256
db0eecba023386f47ac57fef8a8cdab5f12e04637da91c13b81b8b60b43025d0

SHA512
ba7e79b263af9d9939059a28d7c73683f9cdb2c9a986adc54d8ad54d28e237c2b0f88010a4829392addb3be5a8d08923cd5931a71ff7558eee9e4b6007273d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
77a781823d1c1a1f70513ffeda9e996d

SHA1
60776ceeb79ed41e7cd49b1ee07b1e09ff846f25

SHA256
b093599957b103def2cc82ffd2d42d57a98292ace5a6596e3e4439a6cce063b2

SHA512
9aa66273ad419e1fc4ee825ec9e9fea4297139eca060572d3f59ed9bccbf2e1dbd03a006a0a35c6d37196e8297ec9a49fb787f0a31c3772b17911603eca62aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
153KB

MD5
ce9fe310a8b8ed92ae2c8472ff3b59ca

SHA1
59b1ef50b9181ea7b2ff15c6b3aee5b5b9d1e637

SHA256
886630a4fffcd5467a13460abee5fe70b262befa51b6353ea902a02e8ce112a1

SHA512
31c68e2fd65c6bad73ec409e6ddd9b1593bd3ad92ed5af979752ab4cd41bcc2f896a9be992c6ceeb232db9687c57c0abd3e35185c1e84199e6e87aeae84d099b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
21KB

MD5
aa89196bde59922b34da8e55666aad45

SHA1
87fdaa4e94329b7b166163763d04e2998c070a2e

SHA256
f806a5a13b3a6c04ae8780cb8bc1a9b405d4b1423f5dc83fb1f0147a6c6fb988

SHA512
db00b22a7df5c9c4459db7fe5d25ae864dff735d046314672431f9e0ae15416db7c46faeeff684e2256f95fc3603adb1707e970975bf125a391813d6ce96db28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
c143dbd29c20ffbb9088fa35990ccd6a

SHA1
3946ed3430afba9c007b86876605df898d33ab27

SHA256
8ef8f6063309447dc565f4615b2211d7c8341ae53d2c2839a948bbebf7ae2b33

SHA512
c53c88ff06f2e796aa19b5abd5eb4af52c73376cddf813cfdb52514c85cc1298cee4c08ab4322ee7d4ad67329250f77f2a5a1d6dc628dadee1fed47876363ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
a22bba8496b44ce03e78393762962309

SHA1
e40a5c761e2752898bff478212e73423720e62e4

SHA256
cc755756eafdc0478fd311c22224aacdd9422bb756c75e134bf7ecc12340db42

SHA512
283dbb5b1091232602b9ef06e0c1246c9928407bde42d6d3d88bd95a5416aa8e49036674e401f76d8d7c074ffbdc30b1c52f6417415b54e4c07d8b314d98ad77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2044d3ada79d96eb5205e80f8bc235d0

SHA1
3885449c555c44ff78dd098486053bdc6bede4b7

SHA256
d3e301bac958fe09222dfb73e2508d8bae6224d6d90a6c13b306ca5f3fe7ef09

SHA512
99b1f639468f9ab82c44a8b5cc8e9d613f632bbefbbaa5754c7d50b5cb015e32e68abb4a4ec035da021e977a0dbc32b1ee0988bdbc490503d08b2dc3041dac48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
156b8ceac90cb17900ec6c0b81488d77

SHA1
5dc2dd10223368cb2600c42836f527056cdc0b00

SHA256
9b33c156e4c41ccabd4da21f03dafff06b3befd02245a655115b874476724f64

SHA512
05ddab7ce15a0551a55a981736420722aed99a61cf6e38f42a3eeff21506672ba52f459a6a56e137b3270383d591b396631ecb9bc079efefd50529c55411b573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ee851bd7daabea7209658a561ddea4f6

SHA1
f1e495c4f7ecb821cc1930dedbdffd8521cebb27

SHA256
e6f73316b6ad5a184a93f7a3ce285a3d20485d63bac3d64fa323403404f49dec

SHA512
ea7ec74d59fe9920b0efb729ad59de30a70e4881fe8b8abc8b093b81bf0b8a656b85bd4b1811e3855a2446aa14f236d3dc8c56ce3b0532e7876691209d33140d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
833B

MD5
d2cdcc2f496ce164be5c3c9b5be166ed

SHA1
c08e62a0c9793a59add571b166d666e0f5304c1e

SHA256
a474abbb3f0b2054010fe9fe3bc71ab4bce977b153e1d921de1f921a14a430e2

SHA512
ad99c06099cbf75c273d9e5c89a4a574ed7c0a7fdf7f8c503352d954d397ea3d4c1deaf1f79002037d246a088cb976cf16f9b086d8538554c6eda12e3f7187eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
255B

MD5
bf5ffa32a3fc8c872f1ba9cd26c13f70

SHA1
516b838a8cfc6f81f58ab96bb4fa88e2c174402b

SHA256
7ac7c73b0356d3293c6967418ad6031f113861791d0698fdbae1be3b429ff28f

SHA512
0693cb651dc130999eb6323b5dc323934626e75a79ad284c1da11e4565b2fdd9f42b8cc034122f62ab95180a3d5058738b70c074e8ba1fffa6c6c1f612020a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c391d14e664fb624a4670e938dd17663

SHA1
4f5f1a722d76891cc49870488d45c822e7ba0f5e

SHA256
96ae3e9f25fa4702aea630aec0b1ed749966adb9c2c08a3386963e626c8eabc3

SHA512
82846c5ef9f3da0417f103afdbd16b70cd2313a63c87008b4a7a4a45cf847c115c787160887f83cfd14b0efaaf3e275554bc0061e9187bfa04063b62a94364c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a2926ce7ff5ac77d8a2b99732b5a694

SHA1
2fb2dd19c7ce5dbb5e43948286193aa729bdc8f7

SHA256
23c71a4f488668e21399d6f8e2df7b0101cdc92939077dd0c3eb9f33627fb7df

SHA512
d17b5fd6f231db4b61af7b530f74b6dd224fddfb6d796dfadc0cf25755a2e5cbef650aea80ce20d440479fd0cb3a831ac87d82daa676725dad5f66869405012d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
be2bcd5462ce3c1dada4438091f541b4

SHA1
b4700eb76127d24f34e745ccd1dd1cf31bfcf221

SHA256
18b58a984c0899e7e8ee41455d6bc24385aca8ea01d69e432dbb8aa010d70415

SHA512
c3dc5f6ebaac400f94a7c5312f4ef8bffab3e04d0b6d65651900e26fe7df474f21c497b574fd72a076e6ba2dbf75268842e922c1ffd700a8ab5fd491db8d7aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67ede1c9ab593949b653b4d7a01f100e

SHA1
5deec57a4e83bba354aa1090302fcf7602a886fd

SHA256
d6dce849a73511c9f2a1bea055f76c18fe16b3f6dff3ab0bb8171f4da78393f3

SHA512
608e571b948a285b9abf2656559679090676e288d163d4c9e7dc1309ad427574f442da7505976407a2c8e980854a287c6a6da29b2f9ad7bbd40be1dec001c031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e47e3f245614d56a1d99e120b997a368

SHA1
6fde755a2fd6a825a378ffc33d6e6958357d1cab

SHA256
2f8f9a27a0be984e80a3ffabe7e9f3e3a56dbc7961da74336e6d71979faac77e

SHA512
1f64a54abe81b4473fb966e0218aa153a6920ec4557bb9d76bdb15896af642b9ea658655a919bd5504128e6a1d212eba68c3c31903a35df9dcfe6d1fff7425c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92be6d4dd7f3f93e1e5e439a211411f5

SHA1
1f1e8c127bb21ce792871e2c8473a788b98f9b85

SHA256
8a2f95246ced57f327c5908e65f545fe40bbef3ebcc7c3bd15bb2ee8a2997957

SHA512
119bc2703b1f7a1e7e210d4075cb8f3f412ab97447dcf70bb82567969132b085babcf16034d85c2180a542fa363bb2868dfa2fe3c0a9b3b566d42d254848b9fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48b011ef4922aa95f0760f241133c1c4

SHA1
ed6f051a390e437721460bdcd0d6bf36f12bfef5

SHA256
6aec8a1eb6387df8deeab6a16dba6e1890b5df77f8bd5435c06e2a5c3cdc1024

SHA512
6be5c2205f5adde7c1de7f7d61964a17ba504e4c53156d2cec1a426078783df7028876ca14b71e0d2a93b78bba6c4f54299cf2505a4c8229aa8816f591949cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
25dcca1fb7086dfd6a98d63f2ef2b77e

SHA1
3572237cac5f869cab32764bd1283cb7a84c09a4

SHA256
bde90d50a74caf97a790981a9a6c4cdda136057fdfec07ae38e2cee03176a8a4

SHA512
c8864417070ac7985f5d4c15453aca62c07fda09f1682daeb49a0709116be8ecbb14c3ed50f0c9a3cdd76fcb223a5d4570617213b244354a5d5ceb3ac46d00fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2a35622b3b2d67d44fd1c127b004f457

SHA1
098689d7ac1ce453634a3782eb1624bdeeffdd4c

SHA256
b30e0b7cc4f38a6874a0305321996cc1fabbb02fb63fa1217a511da66ccbe256

SHA512
1f5fb57eb7a0734029184a1a6307ae7430b9caff3bd958b2c473666ff52eabc8d601222bdb4b33a7588707e58f69e942ce4d59ef3593cbeef8b85fed2000e13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
acec9f11334e065540f61b92d63e2a1f

SHA1
37c9c556ce5c033141f697fd5229d1f20717cf9c

SHA256
c4ecdcdd32e4cfb829e13381952ddaa7cf20183fc7a212ab514b6443bd0f3c6f

SHA512
5152cb3f3797d9cea96dd52e01480952e0f62062226f0a39765ec453a2dc3ea928c5d320f89537556c069ddb2550de98cf5fb940ea6c9d7edb76eb83a43507f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4fe8c711ad52a90e5606c8e9a806a8e3

SHA1
d065b81e0e86fb206ec1fef6141de73bf7bad068

SHA256
51ca7b13008197cf23dc192fe090a6c11c9543d233053a2520e79e6e9fcd6d7a

SHA512
358d0bccf4c5339e633024488cb1a7011470ae3b578337c763b1f0bc01ca09807af0b9daa9ad12733b67d9b7d5ca4171137a00b8ee27f1bef1272ddd176b1fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c6ab6e3186ee222e77193c685f6ca010

SHA1
749e7b8d408d19c2af3fbc962ae3d78d9faf399d

SHA256
7715a9bb671aa5ba0cf1cc1fa87b3dd4830553de862c57bb5bedea2ab82ee8e5

SHA512
23c5fdc4ee1c02e75130f790788ede6739a581181cd3baf19103dd7e61879dc4a3b5fb5437dff46d5e242ad5f63a2d3680d67640fb63bb1273599105bb73a229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cab572a9b0fe639d37b8702519d8f758

SHA1
ab6d0a3bcfb85e4482a0819723c527d2f41b15bb

SHA256
346614c6936509b4cf7cedb5186af2b8ae593aed5a39d6bd6a85b50d454de7cd

SHA512
f1c8ab8be7f467e50062a1599e523c4febdf277d899631a94cd0bcae25a9a20c5ede6d0d4edb20611b736509f7bfa1c16e4a23cff1ea0a862467188c96bef189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dfc8652f3932f687509513a19f9ad53c

SHA1
d0070f9481eab8b6ba318cd7f80cda87ab834fbc

SHA256
76dc8fe96df622c7862dbcf2eedd9b86e03eba40983ccf7a2dee6ada31f1306e

SHA512
fad5155025f636a9cb49f5739d881a8a42355e41c216ce0674c4eb77ca11e1ad41581ace3eb236e72a3056beea0b18332f55df3cd87f2b844b65ee2170030888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0cfd218f7b2003749d1e0a1fc512520

SHA1
3c5d6039dd05784d15a4f2e168c217409efbe8c3

SHA256
bcbbb8c1b9290d1fe09347335dffec0c75d3658686383dbf1c1f1f29b3768d1f

SHA512
84d2ad2e23f113e9e8cf680f896a5bac41a91d2712035cdb946b7b4b2f63bd41b2dbc77554e9aca697ac01de465394ecbc165f40548ab0eabd1f91203607abce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1283dc775be061b0589d57c7eb384420

SHA1
b136bd81417c48ffa061598af67421dfd00560fe

SHA256
08b2ad03d622dfae3c5bdc74a296c6653adfe952808ccc38bff45a9a20738d17

SHA512
a3ba03464c8d7774ff1a3d91294ffea459290c30fdb0b224246fa6f228d70006b093bca39c3ea314d88d826520271a8bf0db0c9d46291e24186f5aaa0095af93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb625dc73435aa7b26a117fee390e0c3

SHA1
07e3b5d145067c1bc5f4decf786d0399f9c73a04

SHA256
1b0cf73e740d34f5e49ccd4ca931e37b8ffa905a6120b8810300bca12dd36194

SHA512
cebbab4a1062239c946858ed3cd392317b4d7a7ca51f7ae930cdfa63b252153501509e95152704466422422d075f30f444450da5abddbbcc915206100c736e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5844f3.TMP

Filesize
371B

MD5
9590488e918c2bad449b4c6ab5a2f0f8

SHA1
c9f11b401206810226b1cbf130644a7079b01730

SHA256
518c468d9e542ae8510c4a5c43cb9150a3440421faba0773e7dc13b374e0b004

SHA512
5c53098e6c902c58887c9c093ed2867e79af20b9c42341125f5c0e29657dbd67ef4615e3361bc201389e1092173fc9880226e3ff6eb0023b20f565d560c30b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
360912f8727b333ba51e6c1381b25b30

SHA1
45b5e8ca89ae7be13444f9133411807d1b7b4a94

SHA256
af39f2eb0b470c6a2605477736cfa4b0ad8f0370f3b3566b3e1e914e3ed946a0

SHA512
dfdbb2325b96c049681b5f27ff804294d42e5faa591074904eadef87a169c024ccc396bcf523933873fb94d32206381f12417b68117bc4cccf8d2e5ac7f85355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a1dc3719b56d06918dd5fb02632155a1

SHA1
f3151b09b9eacaec63ba36e5a2ecff5d015c5622

SHA256
4cf2d51499497def27cdf5a9cdecbcf4251c3a581b9cbfea334ada35e83d8cb5

SHA512
d7edd928b63074f955bd8a9bdc391ef38131260978ad3ca721b5a59da0c6808093e9cb68aa796ee5b01eafa2270c64c5c1ba3327ca5c323975deda3a69816fb0

Download Submit