hxxp://google[.]com

Analysis

max time kernel
174s
max time network
178s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
11/05/2024, 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{FD7C7371-E58B-48B5-9F00-964A3CBBCE95}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
4128	msedge.exe
4128	msedge.exe
4168	identity_helper.exe
4168	identity_helper.exe
4876	msedge.exe
4876	msedge.exe
2600	msedge.exe
2600	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 4860	4128	msedge.exe	79
PID 4128 wrote to memory of 4860	4128	msedge.exe	79
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 4656	4128	msedge.exe	80
PID 4128 wrote to memory of 2584	4128	msedge.exe	81
PID 4128 wrote to memory of 2584	4128	msedge.exe	81
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82
PID 4128 wrote to memory of 2908	4128	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe69093cb8,0x7ffe69093cc8,0x7ffe69093cd8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8297254667577716562,1581156241267535298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
40KB

MD5
d03a73bd100338b51992a3ed0a7b7d23

SHA1
96c9bacac693dcc51a7308c3d8f3d984d1eb703e

SHA256
1027b3377c7ddac5728a4d3a82856de1ca7841829fa649a82bc80a9de05cc77c

SHA512
8d6bb19a73e9e5b3ce8db3344bca8b0e8f50daef432d0fac50e6797c1598e27f2e92a9e8c482bdb1916f0ea7e8754510f2691f33ca071584114e2963e4face47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1.2MB

MD5
be529a907c265364aea60b32d2a6b43f

SHA1
4e36681dc58aaaa130238083d0aa43d4604019e8

SHA256
1790bffabda47de3ac63c09728874fec01d03bd240361e81dbef964f8ed179bd

SHA512
37e65201a514127811d0f92dce4ca096401af92b4c90441d1e0673c1829cdf5d47f513a63f8ee1593987ac3dd542f197654423b0fe24d50aea4794001356004b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0503effc8bf0d7f8_0

Filesize
3KB

MD5
e0ab9a8c9f02903c84a4eba7a9c40bbf

SHA1
bff9bcf7730b28a7f9c158775b67ccaa48819ae8

SHA256
5e1f07276deef7e687075eff90d5a6af6f392d239880d3c2aa21ab97de33d1e6

SHA512
4fdcd14ecec574daef53c3882c6c9619e2cb3d7c16ab461d7a92eb43a7b446996764d7bdab920b43bfe252a5d615cbb0dcbdf31f74721323087327828e8da2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14de625fe39027b4_0

Filesize
5KB

MD5
0dcc8794e5efcd5801105149734f4423

SHA1
e96f261cbbf34a33ac72909e2cb22462e6435176

SHA256
51cbd481edc0ae15174ec3c40468de083dfed7113dc7bf4df9d11b51b05cac4b

SHA512
83b99cab4a01005ff202b9d4320615689da89bb9527918034f4527292071032ccb63725bf7a22ba6791316c8452f749777fb0fc93162351d5b16536103655b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

Filesize
2KB

MD5
e35bc15fdfdca5f06cd00e53a461af6f

SHA1
04f8bcf2b953832d7d935f0039e510b4de34e675

SHA256
88a9a28b6a005a1b9e34e06523478f5bcbc26e457c0c9a01ca6f13b5d475ace1

SHA512
e37a96a18dca24485f0c59bc886ea4c24a1862ed366781620f6a36ee23635f723e73ddd342fdceb95e285161902e4aa00a598c9c516430d20a7fd87c278763d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
0d4620be6abd9d8136c305637372fcb0

SHA1
18533952228d5f2ce74a5f24ebe2b5a8959a395d

SHA256
fddb6810aedc9551df3ccf7c6bb8f0817c4252d12f7b277c2172dda85b0c2f0f

SHA512
49db1da9dede1a995a566953d29124107d6e4b985b8c599767fe1efe1dbc82c59df7e06ff0425dfc85b1a0bb05f614bc7ec604c07b0b49857baf95350c064e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c2185040c52246c_0

Filesize
7KB

MD5
e30b243f03767a487a29fc78ac441091

SHA1
72816bfd327e1af4043b90f3fd877fe6625c68ae

SHA256
24abec16079480fb52d9b59ca332787e7088d77cc65f0cbef9d33a9ac00749a0

SHA512
579fdb891b014b49203cef84c5ec37f17689d121f26e77d1d05fe47d742a2727836a951de2ecbf0b3f72f9f3fa89149906a7be0b9e8fbe40bbaa39faf125e223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68d07aabfc3db202_0

Filesize
8KB

MD5
c3868ec4634e189a754af0795c3f4b19

SHA1
9f3f342f23536e91f43a01c7dd42b19c8c7583c7

SHA256
a11849d9f0264b79ae75c83d5c9a7eba91818cf79bb708ed1db48d6cdef5de21

SHA512
e4908d2780e8161fcfde956303b4f742af94e55ad40269bc69abac2aaab0d6a638b7054b23ac0c55c935215bf8b0635c3a564f2b39858bbf11b3da93495356c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
13KB

MD5
4ed8f5a9c4e557a97d8fd285cf1d21da

SHA1
44f3d14d222a08f44132447f6c6e2df8254e0272

SHA256
079730b29c03b155cde98da7a85d74264829062f3a353c49c4c255b7be74319f

SHA512
6c76432c76c128eaa1b8eccd6f62e59773478918ddd99e7eea49f9629e9676d994891ae0ab724d16e24ebdd784f295f8916ca2bb512e7765b567b5ff09562d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
7784160425a6278bfc4c147bb3ce0c81

SHA1
e10d0d312173ab6289bfec525243d948a97e1a5e

SHA256
a34676faf04ce31131ae395f54788d6a0aa7d8ee1258c8eb9ba458d5e0e422a0

SHA512
14d8fa3065872972889fe667d7c6d1fd10df39e08a9af31363b86981f23170f96b40a7daa1e464eac9b8c48563cd96659c36d708d05fb0c7cd5cec4d7fd3dffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
039a29a3fa16882d7c8754062b835354

SHA1
620d8103ec756b99295d37a1ba674cbd344fc524

SHA256
49be428d02a7207d4bf48e2812ad4f9352c598d294b6ed2be5a6b921a5ca464f

SHA512
f20c5b15f531cf3935b5563be1a1b8b1f2f5cbdc84a1faac695c9e03e5f9c32f1b4b531fd70dd14599793e510e05cd941e2b9a5ae02f529843c19cc04ab291f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
2KB

MD5
ec153cabf9c4ac4e8faa5a502139ea87

SHA1
92f9d1db31a89c04533df30982cd30cb2c8da866

SHA256
ad72cc397d831aaf3326c0a9db3bfb8cc0c619e74c5e2d5f4c09766e9701131e

SHA512
ae12cc32e8927755524c272c127d6169b5f43c2a2a9f766c874e9e554c39c356f787a89ddbae87423af85afc833ca5c0a7688348390a8001ccdbbf672f3bc710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
5KB

MD5
60e8d476703cede96a127cc0e849cb4f

SHA1
295fa118fe0905ccd967026f050c71cdf86d0bc1

SHA256
5c16dec766e560d117154a99e1d1211b6d0620983d3e6f9dff45f4cd3827610d

SHA512
f1ffdd8e84c17507c01d517cc2c5d84c17c50965361113d89bf0626b6a6f3d22e57ee133f454b2d7145b10f1d1fe496a3ce565a4a579ddabb0d709a961f3afe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b0285107134e229d_0

Filesize
13KB

MD5
c2cf6ff4c7e10699123b0526ac1fe185

SHA1
cea9f3dd22ac04c0c8e436ecde4f258209759cf8

SHA256
55ba4df6151e61b2b64cf49fe2a122f804231e61b396c050742a3021f4071238

SHA512
fd524a6d731a5fd87cbfe413258c90968b9ebbb907ad9e2161d58cab877c9a88186642992e9a4876560d5a9e3abadf1a938696e697dac4ddd48b95caac68214e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb2dca5ae247f4a2_0

Filesize
4KB

MD5
8932e2de5946630456e9f805f118c3c6

SHA1
4889f94d035a0d1bd300b02d0e4d843c7c58fc2e

SHA256
1f7e272693e6847a3c13ddd660bc893f9350787037caffd5b26cd3e891a792c4

SHA512
4de1455be0c6f8251e0e17a351e705098e40687058df59e6d54fd038d34cfd6c00681f3573fdd72411e1092a448805b2032dca13e1cd2a20a32f5d8a37e99a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
3KB

MD5
8bf286cc7d881db7c39a76508e8e5d9f

SHA1
6681e8051b9ca5907eb1c012d157ccc645433a25

SHA256
4564807670507555008dbc9fd1b2fcfc4ff1ec65b88a983ee34c0c85c0668126

SHA512
33f0c7f5c13f7790faaaba9b5796cf87f0c50a9f906b9576f54d90a2fdef5b66de76e99afafb80993bb06e106c545855c1d155a9b11f5e34e476b73aa5beaf20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
5658047843852b6f378ac6405719ebea

SHA1
109848e8d9c50508c572315af081b71aaef9ab1b

SHA256
4476df9e5a31dc979174736c63a00c8c04bdb925f646ba13d22d55a0d199ca1c

SHA512
a6cea9f20e00c764bd6810b23032ee5b49b13e34b702be772b3faa52ec51b21cedcb612957f63974f16b17acbe5e00a529368f341945b81bc2bf6d91401eb27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6e3d2e57919cc8fb0d7b6b27dea7d72b

SHA1
7646382bd3a0cf00f20a5985772f102ec66f35a8

SHA256
21e533dcad011cb63023b9078f20ae300af7bae2ab33a21b6210136897b66fba

SHA512
23951620ef2e34ac9a83bc85800cca86905f9f1bb2fbde35034da4e8d08be37f64df43a01571000b6e2433a87846d18da10fe3ac5af9e45028ea022a1620508e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6b169193cb699f85808862dba1a9ba61

SHA1
3a1d4e844e5e703fc4b54eb9c4f25efd72404c91

SHA256
6efeb518bb636b39a8d5e60d7b3778731b4511d31c4e928637631add16dd0bfd

SHA512
97e7eba5690915b76f045c024a2a21a8efd35f77fca465b11c975ed36749309860b6e3e7c820e53821310f1cf57c2613d0c2719906b9f1fe8db3a68aef91725a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f9bce29f815279bbd95db094accd92d6

SHA1
7aca9821b84d7f3e81f7937250d98aa9d66c0732

SHA256
cb8aa7f0e95d09461319e3e07e64b06beea7a45f7111388409a8f0f7f19406b7

SHA512
989be93df935d9319dfbc2d5aa0f89cc0498f7e69749594b625847b575fb6dcbb4b7c684282be164235a8aa61fab4d91fc299464d380726a58016c270c1bc437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
648da9efaeaaf5be62e9bc92a69915f9

SHA1
95d6dc3ca52822bc333f7835ee3908ca723ebbf1

SHA256
f23586d049c3ed9eb1e247078b078e82de43f26a1290f6e6e281f1ace0e073f5

SHA512
c64e420099891b120a45adf559e5e675a15162dde7594589633c64a8af88e3b76d7adc5f09690a3d4e62ac9f7d03089786a8b4bbb280f065fb8a9942e80a6dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
97551308248ff2ebfd38dc9edb205329

SHA1
3996081d357596e8a4f6b5a3c02e8f16e0e191a1

SHA256
103acd794c0510d98ef08af1196962a8eff04dd00ab46c0ae6b9dbe556e2c52c

SHA512
c8e96ea5c97ac85c4c343a5f7ff2ff165bef5f7064a4c52c859ecfc92394be33ad20ef702143162b096ba8c73fe54d83221d52728b48efa81c2cb36520aa353c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b7058a48fc83e1e9a7f07a326775f052

SHA1
c0520c8669c82c5ecc9397f8eda42da77cfb3f5a

SHA256
c1c13ec6d900b88c6ef86828c56fe010e2fdb41b97f4bbaf9b3838b5d4e60d58

SHA512
8602507e713e0ab06e164c03e3f694f69187cb717c7f2c428f1832df4441e36860ed2f60c7a1982cf40d2e78db790f546641100ffa948b5023a66e8818db4db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ab5da192349020f4ecc4003f0d42825

SHA1
787940e2801d5b0f8fa929c8ee1d1c48989dc425

SHA256
7089b64e8a311916a70a90affe57745a0ffe63bbbca549bb4067dea39ccf4520

SHA512
8fdee6c52a1ee7a4e652b539f413c54ff845134ade33b33f28fe77225ab4cbdf0b26584d09e4b9a76d19fa96cb058cf27b48d9d57d2d2571dab4c24bef055dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27c3fc2c124e619ffbca95fec51dd889

SHA1
02752c7e854688121dd27086679d77c20317d3d1

SHA256
0c9d17ac668f19b478e1d58b461d8d41b796c4d39817160dc576c4f03895851b

SHA512
9368f3cca2088d24f4b00a5873fa319a08e2c8d8e6d48d89fb8f1f78a78db949db7c85d5c734c57757e97bbbaef4972340566a3ba89232738cab6ba818c71ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa08b5f272b3c7a7a061f9a7ddb677bb

SHA1
2f014ef7a867c3fd56dea2420845842b089ac604

SHA256
17c13cea3d7b05d80b446f62433687542db8671c7aca852b6d24bd5d4497f20c

SHA512
6d9e1eeab636aadcea6daf13fe7e364a1e183ed5c92f45c8828fb11f9a90b11affd0f5afa9e37b7c568f827b6ffd837909ee9b15bfa97c9be464d9c642dd1036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b963bf72020e225c53c7aab8c3983e61

SHA1
5a93053740f21f61a0ef001acf9164e31d7c3d6a

SHA256
42e5d1ffe138cf56233d12a2d100267680ed5f578d4f18ac7939a9b46e7ccc02

SHA512
45250abe1561554d73e57f5415ac6c8664db5b76f42820d92a981e0e5c94f013d979ee2b736e177f6f4a900179cccafcd253c4bf8aa9bbe19edfdcc882003138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9aec456991396917083c04a01f5aa298

SHA1
d2db88a77344d021e79cff6dadea7a200de1a8f0

SHA256
aef13ae472b1278c9d5479840b22b096ae1dc2904b0e92042f2e8c6fb0b992db

SHA512
deba34ae4f02b9d8f8aff5365729682e8181929405fc9d36d06f1b072aa845ae28646faea40a4311a425c32ef93b7f0b1a0d3b53f66f24728779fd7ad2ab249a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6006d952458ab0672c3f49b35255d9d1

SHA1
954d6e293e4f81fe11b8e9a93d66e7d3eba0198e

SHA256
7c888769aa39fd400eb777feda2bacdb1dfaf70e00a2047af5c28687188e9527

SHA512
e1d40b0f775bf00abeb61ac378c646ff7626d7641209e058286155133bcc99a6b237c1d499f5fcebf6188d572953b247bbb67506f19a94ab31cea4f75921855b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fb723a991905bcee868125226f4a4d7

SHA1
9b0dc1bc584f78f931298675fd30aefb187c2ae4

SHA256
ed765f604fbbb2841b94700f97ea25b402907564b933f9f3d297d55c5774a282

SHA512
7181ab26e629874bad62ad92d3d76f23c4001058fc70850a1422e6afa93e90db732f0b9a92477e317651557e51018ce282929ad0a468cf57d822f30414e67908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d9f7599aebe912e638a9d8ff825b4b09

SHA1
5f1c767c132bd0d33c27aa836829186406e8770c

SHA256
b4fc98ee01386413700c948494695af316742d0b24372b5b6c351eddc0e83bda

SHA512
04f5f60f63eaaf417fd6436dd182fec314697f0d259708c83b0819a640fd0b3f8a9f05bc07d10c4ec5b9ca00c56e6ec4a77ec9b1e871255967587e1be2652dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1c750fd5070cb5c7998e55e3c813a5e7

SHA1
9afd55e9179bec146c3b494512397d62f2ba38f7

SHA256
85e6b8c5ddea076789b1fb414183782fe36d0c8b937a9d209f0585b22b967eb7

SHA512
a75d4f1d4700be8e68cd9976ebc555dfdcd3f312465fe7fdcd1b3d3e0efe16f675f61feea8ab12478ae66ffa298e6bc060329850d2b097499d26bdc2ad7120dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c35f383dbad9a698f6272e479a36ba1

SHA1
75185e05d9152dac078142121e7b845ee3a2c00a

SHA256
cdef342cb109cbf1bbcd41559a2316db4a5444e7e048fd48bc13ec16801b7265

SHA512
b59d8dde27f49dbbf92109e2810e117af67de1bfd4c0089b8db94021c9da0a85992915e9a225e6115ae8b3c75e9dc0d1c960c0d85b6f8baa91102515df47432e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
b2c766f5a3ad285b68eca77aabb7f004

SHA1
3ff05fa315e8d7db9a4ff3e7e1cd380e843e4730

SHA256
7be403d881f0f5a9e320b47050d163982195074906fd8dd3ad662560f3fa8fea

SHA512
6613b86655d7a1bfe460b187188628918dfe38870d08d692bf5d6d420757487ca82677b150899ba08295f9cb6c41871362c70d61b64b4b6e0af2110dea4d5230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d8de474914e9461ab16c68485b09df7

SHA1
4782ed4e2bfe2454b2c6279255ae2cf613070b65

SHA256
3ff976bb2a449f6fb2a4cd297c7c377ff2fb812da0b58ffba0428ca29733dbab

SHA512
bb575935b87c92c755847c1c017c775396a8b596d90fcd8f932a8a9852d8b086d5a6d0babefdc80943ced413ad7ec6b8c055e96aaeb72eb4b4f6a9557bb17152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
737f800740c5f5beb348d267c9bedb70

SHA1
3ae65beed262004718710474587a2fb41d2b1bb4

SHA256
1f1092843df931f5bfa0fcc9ccf3e752cd157ed9a637a2af3f11e9c88a77c799

SHA512
ec0a053bde9844581ec6675108e5d7744305d844e7e08957b354d2f3f74d1309f31b04d3cf3a1dda66249ad965ef4918641f2670ae87e9452a22e91ad17cb8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
7f95ed528722090789389d687fdee9d1

SHA1
382589fbed0b754cb51a644c37a5d241fa135f8f

SHA256
d3a1e1254dbf836138fa8939a17a39a147061134009751f59606940382f52946

SHA512
85936b7302968b97851bc515c53780616660a53c9e6cc58d9bc09a6d96aac813ce1068e94d0f0b2aadf2dfd3a79b4007344901ee45ecffb9b7094d32e820155d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58022e.TMP

Filesize
204B

MD5
cfc8a6cbfe3bdc9e04843123bbe63135

SHA1
2298c11e8bd604787ac6186d5db495dbab83cc4e

SHA256
6bf7f79239ad65711ff94fffe933e6c77f38fcd90b43e85d6488236702601eca

SHA512
646bcd9643e08358e32a041006bf6de2c37d9c3869aab04c9aa95738df085c01eaab6f7387bb2b0fce63502a81a82bcc5b142dab084e24929f7340d5ae86540f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bed428e7-cb74-46be-9c32-0f72d715f904.tmp

Filesize
706B

MD5
86676e0cb5f647a52c2dc32e1b1d909e

SHA1
da3067f430314a09683ba84e7a6f652084233faa

SHA256
389dde5b64d4fdd8c33d64f1439c105f93cd2c46bf89c160ccfcd0986ab2cb39

SHA512
31b15a2e26f116fb738ef79ee7e0bfef908f983b93e90868e422f1853b7f1ac08b387ecd27b135d5bacec294716d625c3d270714ad51768a51496d4b8b182692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
625df0ce075549d41fce1fad732c2b5f

SHA1
5df93572f656fe106d015a7f50280562df9fd620

SHA256
2c614eeaacb3d8305ee41e7fa20ed4c55c66e871bae7798ef992e6b2165ddb91

SHA512
441568f89a0d32ccd050b078e49f0c6466538050be26559d11cbd8790838cf6f5be38b8019e4cf2002e468f9fe6164598cf6a18ae0bc4f0c22688f8f16f8218a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit