hxxp://https[:]/cdn[.]doubleverify[.]com/dvbm[.]js

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://https:/cdn.doubleverify.com/dvbm.js

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{824FD7AE-D53C-4D63-92BB-8E790BFE0A4E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
392	msedge.exe
392	msedge.exe
4524	identity_helper.exe
4524	identity_helper.exe
2804	msedge.exe
2804	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 2776	392	msedge.exe	85
PID 392 wrote to memory of 2776	392	msedge.exe	85
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 4164	392	msedge.exe	87
PID 392 wrote to memory of 1768	392	msedge.exe	88
PID 392 wrote to memory of 1768	392	msedge.exe	88
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89
PID 392 wrote to memory of 988	392	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://https:/cdn.doubleverify.com/dvbm.js
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff01a446f8,0x7fff01a44708,0x7fff01a44718
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4244 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a4 0x3a0
1⤵
PID:5824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
28KB

MD5
a877796bf818c5557274568b351b5ef8

SHA1
9ddabe8d09940d930df9fa205104ad7bbf4e35de

SHA256
c14e9d194ca8c7290748fe25e6f40052191598e0b1749016432e144127afb985

SHA512
590fff9440bcc9bd1c898742abffea8352de510476bea1764a5b74603f383a54d21c0f4c7fe29ce1b1a3eb1ab84f89edc972baba8f7adb09fe1f11ba11146731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
64KB

MD5
b3cecdb68c56273a9a559a2d966d7e67

SHA1
9ae2157fde228d8571bb5ec3a4d3e2ac3ae3218b

SHA256
69cbf6f57cae1af820ffa152a0ef459f25647175c7567f662205cbbc80e4aa85

SHA512
ab09ffdb889facaa1dc09e811cdc1ac1d1e875037572774e4df80b7d6118150f0a9baedf06b283d1c4fa9772ca9826a80e3f5cd8b2dec5e25463a77431b67f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
25KB

MD5
94f8b5ee3ed845c94d086493969e5231

SHA1
829e8f28bbc2fd673a6af4b53f85448e102ac13d

SHA256
4ef2db57ffbfa7e036b4f759451eaff45c9837f1bd79b9f7203b166c9cc213ed

SHA512
9d305fce9acf37daa3b796c9c4558270a9de6c83c16a8895a3aeb835b9b0e5525b5941eed8f47399fc0d5e3153ff71e6a370e44bc03e0e1a2c418e1b4405a4a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
62KB

MD5
cfa020ca66c38d717fe9da70815165d8

SHA1
127b15a0d8d5dc35996f9892bdd34b9c118b146b

SHA256
d840f4248e17d6c34e790cfe150d81bf6d6db3fc0fa8d82c36029e63db0df303

SHA512
d77a02f6e92ae56f7c17426d507bd61493b4ad11b3d664aac5fd08b9d91b3b06813aca72ced00030731ca39d602e670501713657f3d6cda21dcd7fc9721726de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
31KB

MD5
c58b2cdc4b2aca6d0b2c5b3cab3f8bbd

SHA1
3d22bb3caa7a2f4e4c58f496671c87f038641dd7

SHA256
453190c377780c54c85af5ed4ead80ac2d1dc805c7e5bd5e0c2a836f938e214d

SHA512
09277e9da5da3c0230c037977762d6a60668279cacf98cc28d40b1376b4c26209dc03ebe8a402f5242351e23c4d054098ce25b3f97f8d78853a0c02ebd848418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2266fd98d19eb8d3_0

Filesize
231B

MD5
2c11741a0b7531e483cad9f5b44e4b32

SHA1
eb1c6c55c614591acd31b448921dcd3841e25363

SHA256
cd9dba0a1187f6e23704c17b2384ebf89d795e76e1eebfc8bc84b6b8589e48bf

SHA512
c0606ec3e41a9315dfa6b58db2a413cb472649dff8202bbf0c18735e02fca948d29e628f6d3d5186727786d363637accff266b004d054895c4456318165723d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\351ca7b1a0360202_0

Filesize
229B

MD5
7687f25bce220ee36127ff2aa00721db

SHA1
e9e1baa055a1e422a2ba74c7ea7fbbf0259cf605

SHA256
0b0d853540928d7f7065d6a3c8ae6fe49d8a175013f79ff19d79b5c04b9eb5eb

SHA512
6306f240c8c57cb3750e4e34994116000346edb792ec41373f3cf6ee1a727c94d4cd5cf2fe23baa13229596860df365af8aca24875ecc764b570fdac30f631e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6ce306024cba5f8f_0

Filesize
230B

MD5
54f08245ef291e3e6b9490ee9d7ac174

SHA1
788c19f1e04d5beb70bdce229d4e0842f338d100

SHA256
14574d0eeca081ba742c10d77f530f575d8cd4998132d9ef6dbacd1117bab3b9

SHA512
914c04a94adf9287eb993c88c842589f0a03b69395189e9a034f6dcffaeb19f5c85c6422196cc8085ea6e406ef76ccb8dbd9a4dc5849d13b09a05370de917c8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df7915ed329a547a_0

Filesize
226B

MD5
feabd9baa800a1722c9b6b2924a5b5c2

SHA1
d569d99dce675e7d7a3b65ca9480bae0877b12c4

SHA256
b3f6b5e3d0cb0cac6cfe122ab169078ee4381464ce85d2539bc99d5ad28865f3

SHA512
40038c449afffee6a3b437ffcbb0703b74315da491fe82739687b6e1611ddbf7e31db8cd6114bd001d4f46a005ed0492637dc1919f4e91e27b0b66a1b96e1d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
4acc0b10c4b0e165b0d31bae740d60b4

SHA1
8d72a9356d09c029b1273dd1482cb0f83db0d8ce

SHA256
62a6c937e13b331aa5569112053c31d82b9ca621f1e9ab9d2408b7065ee515c2

SHA512
bb32e9e9863ebe51ba6b9c6752ffaddbf3b6e9600fbcd9e18f6472e6279b7cef1dc133ecc0f778c2a01cbf88b407bd00080c093aeced6936a4c17f90e04351e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
92a7f24503f9052e32c87510d24f9d94

SHA1
885bc8e73d3959770532f7928e76a320ab24fe54

SHA256
4427c1ed3648ed440612c6b21d524e536ec3cc658b0d48ce31a1385e9ed23f5a

SHA512
2b80bfe3414b7eb4d6f69935447a1daa29a9a70e8f57cf09585003ff0108659d60c93a154f265f1a1aa898e059f6a70c916cc0dd5c7798becbe7905e5f81662b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
19c98f2d3cf0df1ced43524157d62acd

SHA1
d71399d27009ad23b60e3c7bfa2449cec6d65588

SHA256
fc7721d36febd1a1e370f0922784cf40361948243999c5c9edf7454ee685a5c0

SHA512
1a992fe831445bc070b410e62c86c1d38fd45d609cfd5ed31f95c60ce7576e3077aa0fc46cd73a7b06dc148d90aab1b8bdcc5b9c71b1c94347030e1cc1f6d696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
59bb5e870a95579f7b232fbcc9cff0ad

SHA1
2eb0addc7bdb9646bae12e09a62284a4a746e044

SHA256
a0018891c4d676fcc5c54fd66a031f41a550574f5fc53eb533fcf2bfce405c88

SHA512
8d60458532dee5befbf6a54dd97d2b8296bf8b327a5f5e1b2b7d29a69f5704bf6efbdf77eecdb828840d0b4bcf2b09996144ac99aad57bcbf94163fb313225d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb091051b3ace2b69f13d9cf92109e41

SHA1
631fac9ab55ffb05dbed20de386ae19d6da6bbd4

SHA256
f04c2e0ead1aa9793f18fb34a4f191e12e68d5522a51562a7d21ef197cf818df

SHA512
4155ef809db64379efec07ea4b481dfee215215eb2787ad5c8d0f60532079135ea86378ef63b1afef5d542d65f8a909f24bb34e7e06eeb3ad4f97c9f615e2042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
cc196fb5f5cb3c1fb3b2add2c10fb5ed

SHA1
e67a0ce1f426f4385f23c17eb5fe2b849c21f413

SHA256
df9b9936069d297d70d665704468573fdd074c730f1884d8e9c4f684d57eab85

SHA512
172a5a8a39856d0be451321086e95a5dc79efbc8274b2e5e06e5e6e57bfc0b5d695d40c9f7d103bcb37a44565468373c73c789507d1e3be8de90f286bec6d784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
43a3309161705132fa5f0707d67a0585

SHA1
1fc586b5bb3aa23b948d4315b11fd32c5f4a0bf6

SHA256
dcf3e2bc3c9c16b619aa2c10bc28b0c2bef2f16c57582905e3b8e904c45ca323

SHA512
9522f5cafcbbae7e8a3792e8578e0406048f336b99bb9064419e8ced75b88d2cb1c281108a613a2bfa29909eeb56bfcfaf1d187ab5f57ef14eda25970adf352c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13c004bda5503b4d31ec09d0bb465298

SHA1
e4ce196fef61cc26a41e24939841aebf55fc52b5

SHA256
edced8952138a71a0b683b66bce9a24d677992d3af92c50ce925472beed80916

SHA512
490162ee389c790c3ddac1a5ed961a7705e083334793fbd0525260d523e44471da9964f9320f2da974c36a6917ae5a8016a765354985a06a16598e8983599f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7680f50a0e8d888b0fbfdd21fbda96b0

SHA1
a3369a6adc4bf5cfc014c12883dd2059b5ac7ff8

SHA256
aed3fead59a64b17e615ebbc46ab4508d7d5e4bb343eeefe743db230ecc23d2a

SHA512
fae9b9caf0806eddcb8827a630c5e3bd4d63d634896d52b2da183f07174df0ec045158b9488c87b6188f07aef61c909a73c894ba7ddef39517457f5ce095a08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
9f89a963a96a01dda3d8bcbf5b61dcc7

SHA1
964bf072079241359db441ad2529798a0f5c2362

SHA256
df7fed5f8552003d0a18ac5b989541adb26e555d3e478f41a107497c450c4a10

SHA512
3a4f1d3cfd843938dc8341a13a623632ffbc719b88c076e8b66acfead957cc6ab0cd1a162750064acb16cc31bce43bdfe49e936d3f753aa68e6e5b3bda0a7c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
4a3f172055820f04944123233ffcaa95

SHA1
611a22b8db59e88ee2c98fd29907e8357d7762b8

SHA256
9531e34c6fb317ab40476435820c848011b00e7a248d9a8472a4c55542884dcd

SHA512
14a435f023753b85fd83c5ef5c65c5106e16fcaa8ceea9da42d8f40fc922f2b2121a24d091c20a4977a1d4b1f2d314aaa6c341c599c48481f97f664b99e68a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
7f4cac516d310b5655ba411091f5b571

SHA1
dddce767357dd2f31c69b3238cf00791cb152708

SHA256
67d6fb0c95f915569fab3b7baee00f71af4824abef1d9b145d55f5a699823dc6

SHA512
ac65077ad67fb94290da81c966151054fd9f7488a7daeba628ee5691b15edab119ec27f9d44dd74c88b58b12c73e9ac2a010864857362632dae3bbbc0481813b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
5d30035a5a5b47b80d65f040aec865a7

SHA1
f0721f41db8b76b5c1c9371085b8af9e039713ee

SHA256
0b82d93d4c24a6fae8b63e558914fc2e4576cdb62df06415c2d00eda12e9b03d

SHA512
644549cb71ae1796febe3fe087a117df7cc65771163163c42263d1d6d4d12e3be34140d46c12ae0b543a6b4e5183840caf8ac3059436cb6f0e24bb6b85c94b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
205e07ecb84d3c2a0c121836af2acb37

SHA1
33a373d0b7fa6d679281438f776e34fcca8d40be

SHA256
1227dc121efc8fdfd8c22fdba7c1cfb4d1d5604da41e6fdbfc3d0576366ab072

SHA512
0bb60a8e5a24ada6fdc66fac12b6177d3ed761b0c12ee532707f3bc4936407da845fd6319296e478483451004f0cfc901ab7b13624066bffcf76d8c4dc1c1765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ced9.TMP

Filesize
3KB

MD5
22b3862406836805b03317cf263ec697

SHA1
30cea0087a44ca1e9a71591e4d16b80c374ac2bf

SHA256
14ed9e06ab1e6e4f317a32ab578c1366c6cde76327b8cf46063415e49ef9cba5

SHA512
4e36f348c0d92a39ddbcd7be238500c02e4d9846178f3069ed01fc2ee0ad15eee3241789c28dec2a6c3a3c802ebbb7181d721442d96ba4bb868bdb44ac76ec7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a0dad50a30d67ae541d7eb8ec085e62f

SHA1
22ba6619092f1d6c998fef77046b7e034d0f41b2

SHA256
b1e1b867b0bf80b7654c7061e64eb41bb02897d26a87dcd8fa589cee10c94747

SHA512
a145f5ec06f0f5464a138fd2f5fe959328ecfe5619f7dd7214be9bec440a42e6710c443a8c18002a044458dd29128243a92de4e7c0ed191fab1ac33f9b3d401f

Download Submit