hxxp://discord[.]gg/address

Resubmissions

23/05/2024, 12:09

240523-pbe99agd48 6

23/05/2024, 12:01

240523-n7ccssfg71 6

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.gg/address

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
17	discord.com
18	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2539840389-1261165778-1087677076-1000\{FCE2A163-57E8-4201-95E7-EB595155F222}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
4004	msedge.exe
4004	msedge.exe
4552	msedge.exe
4552	msedge.exe
2480	identity_helper.exe
2480	identity_helper.exe
6000	msedge.exe
6000	msedge.exe
6000	msedge.exe
6000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4004 wrote to memory of 1396	4004	msedge.exe	83
PID 4004 wrote to memory of 1396	4004	msedge.exe	83
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 2920	4004	msedge.exe	84
PID 4004 wrote to memory of 3204	4004	msedge.exe	85
PID 4004 wrote to memory of 3204	4004	msedge.exe	85
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86
PID 4004 wrote to memory of 920	4004	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.gg/address
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb2aa46f8,0x7ffbb2aa4708,0x7ffbb2aa4718
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:6536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:1
  2⤵
  PID:6544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:7156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4556 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,746521271993699801,7789063437165049262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:5916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0062ee82-10b3-44a9-95d0-95ea736511b9.tmp

Filesize
11KB

MD5
dcdf821b2799c561b5f74f108b61ffd7

SHA1
606a4affc1eec7f21fc09ef8ea4d1cde2666083c

SHA256
5e45fab1be53c912d8df03ddd3f5042a14b278740f29df013a5925fdd09eb9d6

SHA512
96c903d8d627c57f95a31a70ae4b0f14b63eca8908119ff82dd28bf4f17ad57401843885cc8b3bd14513123693ba1eef1a994d9bf97ab58027626c1aa645d882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
36KB

MD5
d7805389fa1e1fa0de99ecb448b5ce2d

SHA1
a52592f0313b8d108eb14f9a2e21397c99e5cada

SHA256
7149c7e98216bcca83f9c9e54fe8c8023eef3695a14c7104691f439f56b76438

SHA512
792795a80f44deb10f1caa495b5a2ca02027b574b889714956937158ab3355c77a41e38a9292a0baf18892462f96ae1a3a5bce1f0af33c6dee4604f8c2e390fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
40KB

MD5
0ea3c40e1faf37122a20a202e9b52714

SHA1
ac0d594878e4160c112d7f70b5c680523dcee1a4

SHA256
ad3eac09f7aaaed3059ec039ea0477af10919a4a9be9a8865dce7fd34776c8b0

SHA512
e19363456375a8b1a0887af217befabf3dfa5c6944b9b4b62a04d20ce6e5649af4309b86ecfaf061ebcf243011eef123c3f75ebf2dba32d18ce28140adbca52d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
1.2MB

MD5
991cdad1cf921ac5ce995a0ec9b6e312

SHA1
a3fef88dbfd32034daab4811e8446791d2481c6c

SHA256
a2590c2b03e01f0ef1181caa7c78800ede4255186ae37c1a28194698f8f19324

SHA512
807937d9f9bbf1fad83784ee802d40195edf45dcff47d11ceebdc83bd3151f773f1e36a8e8ffcaceaea707dbdf948ec0f4577f325739ad9d4f63fc6596a341ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
64KB

MD5
d84862513956cbe61aeb4ebbfdd3355a

SHA1
14ab269df17cb0333b1556ce120d587324479f6b

SHA256
a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5

SHA512
d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
19KB

MD5
b776233322697ee26b8834e35359764d

SHA1
327a743d304c4b27f243a5d4738c401e5dec3e24

SHA256
15e5a253f62978e07e4823d23bb97d956099ccde8704fdd38aba02b11cf7e40d

SHA512
73eec5c89887b99f089c610826dbe273a86f9f4c0f5f0f987d87b7d9ed12e78a1cb5741d30d23d21aff6536dc34a1258cb3eda9a811d2294e96af4fcda1637a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b031cf5733636a53e33d6eba506a713f

SHA1
561dd4e4ef0c25641907efc3ac20484ad09ca513

SHA256
761b2514db985ef079bf7fddc7a227a2acc6898a28dd6a6685e19e3a3760daee

SHA512
347974a49fadfe71ba4f0fd8f52ce06cb42c2c7cccbb6b61c1f9c3d05fa7bbd3bb3791f0690b5fa224de4fddf8cb0cb29842bad001869e2dade375788e7272d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
1cf09e1ff275b827e661e2f527516281

SHA1
c8144f8123c9441df177edb02c5234a2b52c4877

SHA256
e0274348abc0e20d055a7a58eb1f81d1c62415d7853b09f7387af43d0ea38274

SHA512
4e1830ba543446cd025ca467e8b65547c19a71f28883c479680433fee992cda79e2a96230742cfa98477f0c665d60f179288f15cebbd4093813fa831a1631dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
2186dc5d0ca563503a29ca7cb212578c

SHA1
39e38feea20bb75078bf42bbd468f605abfe34d3

SHA256
88a03657f3188429094b883f26a51f5768554d60bd1bc8dd097a2a7446ca30f0

SHA512
8d750628fb0714e773950d4a502c61ddd6f912e61962f73ae58e6039035cc94e95b119040aab46d1e9748bf659fb619f679a1c05ebeadbe9845f379038152333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1cb8780a920e919e92658688cff3ab88

SHA1
fd0c5e736bc720fbc7c53622eb0a552cc26c120d

SHA256
d7ad9918b9ecdcb9dafa501ff79f899a11482f33fccf6e9426358e07658eca88

SHA512
3e7f73d076eb0a97c0dd28818b357ee34d86506417ef348087e5361765a451c9e21105240ddfc5346191a75706c3ed52b94941eff081206d0e19c13807a56737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ffedbdc0316f546c81d4c2e0b32d58d4

SHA1
617818968aaa27bee57cef6919b1f34ee56bf930

SHA256
ec4deae98d659273ba9ae1d244b77854b24e3f8ea147101ce57e098889996c7b

SHA512
02e03739b2aabc5eb4651f43d30a32b26cf4329be915bfe442c9ea2e6a5c5c05eb07948e965541aac887b4c3305eae32b4e8b90a87db48b48ab2889eaa4bb739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
dec0b6c729979c4e51d165f0706d1d3b

SHA1
1dd7c0560b3011028ea9e97f0a432cfeab3c1a29

SHA256
d3614eefcb999df6084debc0f721f78f6c4a60eaabce8bfb71771ec14612ddec

SHA512
6c61c890f8adcf1a702e58705d8d459eea2e84ee356f93c5da76b3524b4587e8cad63760380d54a8d1857f737d4a3727808d60dcf63d6c91abbc8c6626cc9c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
126be8bd939bc13ada8cbb104dc40e66

SHA1
1b8cc18c798bb59ff2552132edc92a0a24bccf9f

SHA256
587a9c447e4b449e9126c8c56e25d764d9a89bb69b741e266cc3e0aba77a34cf

SHA512
3a73d51e6446c2f7d15f4a85fcdc81fc5ce2975a9743f6169abf26da57c9c2b0e87eadbc4fc596c8fac0c8e6a79e9f37fcf2fc1c91d2250844b53cb75fb92b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63c1c816b196f8631f64d3d85ce97134

SHA1
f338a7b9882c98c23cd936d851adafb31e984393

SHA256
830014e1742521b849ff2203088ef384c6effeae95561a370388310e6c967881

SHA512
a76c5e5d07b4d4764ce383d0d6e71ab313c143d17d0503c287d39b8a99ef851fe351630a01bcb8ffaa9dd120ccebf80ba7ccb213727a6f1b0ce79ece2f747d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
79467c67f2dcd9ec3f683fcd1317f21c

SHA1
d3ad145a38c61876dfeb8e7c546acdfb81c953b9

SHA256
28ef09c3522b3e815f62cc20fa48b39a6bf8308182d3dc77a65fa72c37ced517

SHA512
0c563216ec6183d11c579a9f1bc443dea5392f021cd9cb2a7036dbbc380c51683992a4dd3dec66678c498b079389222b6f098828daec01235aab5b8b4890444b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
3b21ece782c4f968a5837b8484a688b0

SHA1
583f9dc530010dca195a271deec45addfc3b429f

SHA256
b6c06ac4c7834d003917572b07cd9959b21aea4fd81c4f5316ad54f7410eace4

SHA512
9011150ff8c3bd6cd2ce66b1aefb7c27acbf408b300f7a268a4ab89e29e94c76882d6dbd63fbef63df468635f9e7b5a0a04bacaffd777f371658daf1db793183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
d72195aa28a5dda7e1f4f129971f5d4a

SHA1
4d62157a9933c89a996875b3f4c711d72c150004

SHA256
4dd6448ce8ca52d25f1f592b178e09b2638790bf56af31d1ceb0278fa948134a

SHA512
7969a1ef31ac8625879f257329f05700bc61a75c66b4b2c80529c593c4010840d523e929b68f0e0527277a56ef65b19872d879748ad0ba162d216432682a0caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f15a20993eddad0c897445afa7549293

SHA1
686009086289def80e2c7787dbdb1fc0580307aa

SHA256
057e95a96bdf52014b2bf2a4404dfb2ca624dfc8de0f90beb65d8bf09f9fb95d

SHA512
d540e92b800eb8c7dddb11ac22dc4894f44f5661fb3191d03474f39fc90f60f606d2d45a93aeba3d84512cb90238eb64853ef8c51cc19b718b4c4e4451bb539d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
7604595ed7034a62b2b98abca5f09a09

SHA1
cdc4bf5652db57e6ef66daf248b07dea52442d28

SHA256
f88352fe0c90bec56f1e723a2c82cc8b10b19f561f6ef5a277154eaacfcc1022

SHA512
d955e9c811e71212e524f913ed85cfc8a2b133687eeaae2ba1a2e5e143507373188b4348fc043596a16de6633684f2e959c9f956985ebfc5e8c0635607d6189c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d03361b951eef1071889fe77ae0940fe

SHA1
5170223670084721d9e6ac97bde11be56152b70a

SHA256
d827ad3b4540e2f7d28bd099ab6976d4762fa95e4ba405da6d68246cced0305c

SHA512
8aa316b4233e8218b40170d60613db37164f9b3c54039f04b206b2a1421b264b724851524735b5477538de9584ee017fe0fa923fcec03bb22dd66910e2990814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
1ff02161440111a71d18ffec4b447ff1

SHA1
bec3674406786a4245e103c631bcbeb37f6c7539

SHA256
f04a872519433c1abd112f5be9c39e552fa5f07994b77dbbf0dea0c29f85126b

SHA512
0910fdf0122926c00529a01dd7b43810e848197490ddd8ae8e063c60bc403b3fac09192877293fb2dd1ea1c27703771ba3c200431dfd38b28d7865086194045d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
93051a6d1f394f3a0ef91f19945f9647

SHA1
5f865af669e05f90129f058bc3ee36e7cda695c6

SHA256
8e8923f9ca0559c429da595ef4beacc50444bce1696cb0ba8a1640cd4a2ec62c

SHA512
94f47b89884543205d32e6ae05674f65dcd15169d458636eac48b5a0583e2122eeb1441729bf252ed7d93582d4404c993c65f1aed29633f2fccf593f4f11ff5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e13cd764881af72202533efda652d8e6

SHA1
d0071b57b2d99e270cd4c79006af91e505a078dc

SHA256
7eba015602fda882de9e055aedad3a2e6c2cc6d85ce9c2e291066ae1b97c8cdb

SHA512
9451e0e7cf93efd08fadf6a07788cbe6dc50117e55e612ba62b3dced13ede1c75c24fb0809f3076cd03c7a1c9587e5a03db99871c0091370c76ca06bcf5a8e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
99b897207268b160c17c4e9c52bce46c

SHA1
1328aea4ee5756c08540761618acd81ca0c3445c

SHA256
edd2f190b79580b496bdd411c86ce4e5120b0b470a4f39b8c9907e5ba5ff9ebf

SHA512
a68909378c12baa9d91e4d3cc02ded4642cd1a597acbbcde3384ff1991bff0b6466b732978d6e6d1a769c72d4033c23ddedf2358b8d43a3aba5c960ae29688a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
c0214761f5d176d88c4d6cc4c136b94b

SHA1
2c0ca47f0b17f6c0570759aede5405e019511a8a

SHA256
3ba9b0cb7dc57f3f0e5374cd55e36bf84b340b25558189b029fa0a4d2fe38022

SHA512
9f430a86978eb231523b4ab7fae4b31ed0fbc7ae3455e6ef261d2febf0c59950f51a47f4bda41dadb0eb4c1040497cdcca3fc537ffc1fb6d77e611d2bbbaa7ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8e0e8afd6296497741ce7a47fcf04e8e

SHA1
caa90bc058a2efb14e05a952e6c43189074ecfce

SHA256
8c82d7d8b4d64b24e8aa4663ef60ae29596f38cc15a2a31d3e484e15cff266ca

SHA512
0b76fc4103afda0e4b5ea094c3e0be9aee07ec902fc02331d59367698448a146924f78e4a647a65466ae5f39154dbee1d7b7d649d600aa449f51be2354767780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
86c21270bca7b2ee4e40626a8494d080

SHA1
5758848a908175511014142b45132d1c9250b564

SHA256
80032ffffcffbefd3accd9c66dd5352265b8b68d977c9a476eb399afd203639c

SHA512
ff2d3bad19ce775f0283da37429da89849cac8f32d595a554b1259aa8c1c596413284b0d1af8df06fbb7be5a592153fbeb916fd8a660e9228646a53f4ced4982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
e91922bd5cd10890d736a6c66ad5eee4

SHA1
28436876ac18a34dd903bab37b8ef1548b07ad2d

SHA256
78d7a791afbae31d02996ceb679eee4ee9ef524623cebbadd6ef12d7a4377cd4

SHA512
f24f14c58358b7bcffedd853b69b539cd5336cd92e78661eb08c602b80aa4d420893c0f14eb1f0bbb435c6b93a71440cef237cdad232ee8426143f632a7b3dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c3fc.TMP

Filesize
370B

MD5
f4a26fcc9819461e5c3170b085bf5bef

SHA1
552b2968f5c3a9a778a206dd003693294aa8b8ac

SHA256
417b34447d88f0a098a0f1888bf23ce028939d5330c1baa614618204aa1b0ab5

SHA512
eae7c81d9efc33297e1ea3853ddb86e7d5983b7e2d00d7dcd60b6f6ca33efc5247afe127441e97779308dce04f62dc619c05ff9d19edffe7ff4a7227592c474e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f0d864fa3b64edebe0d7cf8ef0be221

SHA1
673c6fb9c106f5b10976558f7f04bac290b87f00

SHA256
de7c7aa1c5a49f06e774ee59b31406c76148c5505b9fb80dd20e269de34d7ed5

SHA512
8c1e42c77a58d16bb4768367db1e6966f418bfe3d079177153d45c2ece07cda22e97990958735c2859a7a1c51c5d0338dfe54a5ca5bac57930387713f87b44be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c70da3ea5a8a38d12f843e426fde2d28

SHA1
86afcb1f8cd6368a4b287beb7657c7156732779b

SHA256
9d78bd0cd85be02921646ce8d559ddb994902b36fe23034e70297e39ee0fe1b3

SHA512
19952f7c2fd7cf4c741f0033a6ee33c51d1830a341001f4ed7cdd88a8dbfc4f14d4ed0cc8e1e6e68b43bb7ba59f007759fdc2fb53d2c2beb5c4449c3053cbfc6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit