hxxp://rule34[.]xxx | Triage

Analysis

max time kernel
216s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 14:52

Sharing

Report Analysis Logs

General

Target

http://rule34.xxx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2796	msedge.exe
2796	msedge.exe
3308	msedge.exe
3308	msedge.exe
4480	identity_helper.exe
4480	identity_helper.exe
2128	msedge.exe
2128	msedge.exe
4888	msedge.exe
4888	msedge.exe
3684	msedge.exe
3684	msedge.exe
1740	msedge.exe
1740	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 4020	3308	msedge.exe	82
PID 3308 wrote to memory of 4020	3308	msedge.exe	82
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 1820	3308	msedge.exe	83
PID 3308 wrote to memory of 2796	3308	msedge.exe	84
PID 3308 wrote to memory of 2796	3308	msedge.exe	84
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85
PID 3308 wrote to memory of 1916	3308	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://rule34.xxx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa439e46f8,0x7ffa439e4708,0x7ffa439e4718
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6308 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15183917912610010273,10892735485493968122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
22KB

MD5
09f8c92e96d3cf8ee18529227652a071

SHA1
eec285f8a4a762ca3de3e80ad47a3405bb01087c

SHA256
268e7bd4d3a846ebeb61b4be20cbbe6f98288e4a08de05e024c99eaba11a370d

SHA512
6c34f957570b168688102e50591dcc3f1a5369b2933b4dcdb1addbbf926671a330e8f4740bb14ca51a56c8b9bf77c44c57c0248840b131e445bd2cb63ccfd8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
143KB

MD5
584d22ea4ab1df2e6d501b0e05ac92b0

SHA1
508ffed83e053949f8cf5820c87f078be7f1876e

SHA256
b8ec8a06cc836cc6891d2186ab26d5ec09fe7e3d29cf1121661292a8a8502a33

SHA512
ad78a0dee02c4ad90cb2c4b6ffa63b043cf53830249ef00472c4bbbed74b5f8ec0d139ac69672c0d36d382182bca37682db28fd4936c2af605e239156738fc82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
0aa2e7813937e05dc141573ced023773

SHA1
38a47cce992c0daa916e53dd19ecc7ab81754fe4

SHA256
559259dd1366cab1938d965641c9367afc07998be46c4c6bd5b90f0efb5c150d

SHA512
362a27855d33537d16c4efe1d218d68d839befb2ab29276d4818acd77c10a9b23d744c63f068e7c2ae4a7ddd683429daa5a8c36612f230812f2a1702dcf500b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
182KB

MD5
517c654f9665566f399c109c4ae2f2f3

SHA1
b18fe19483c1bafa03fc0172c364641de5b5c4cb

SHA256
154741ebe9f16b9ccecf9a153b1699017ba578944165e4400a9362254f01cd6f

SHA512
e6e405f429f95110586036aa73ae4a3fac45b89f89a65dd9c939fd365c041707052761ac4b62cee97d1d8cb40ec72f5bae261b6cf6f35cf493a57f7200d73b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
180KB

MD5
6c513131e1a9bd57509a954dce3d1d40

SHA1
e25ecb1d58bf400a4846fb0c77a4bae8128e5002

SHA256
469b415d386771175b6bc664d0e17873d3d0f8eee3c35733a87218570cde3643

SHA512
53226ab96e787db776b63139df6f9aff76d19e265cad5d84fd4bffeacb28037f851c4fbfb6799501910154890e2067dbb38c5fd7f9d48ee090a47c69dfbd5804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
3ce2f73f8eb61cfa9a5c2bcd2a056002

SHA1
9cc2ef9e82f188d9b4c6aed11648f910b3bd8556

SHA256
f38eb879dc3e74ac9604e6c87df36f3146ddb6e7f54061bc7d12c9f06bc02a74

SHA512
56858a39101e6087f617eab6dbce39a7ad1c767a12f1ebecb1153d8148d66e9ee628702f5d910afd6c1b3a4d126e96c32201d871f65ae64ad40a7f5d34a1dc68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
82f37b42f4e94ae2c3d686c01d10b1a6

SHA1
313ea246156783d838b52e7c6eaf1153a22c191f

SHA256
20e9ad789bdbd54a1e1122cbb5ba8ff35fb7182a80b621a70efc9c62d1432e61

SHA512
104bf6af882bb4cd45bc5e4e37372fd1187c15f1990adf50e2284e669c546f5785a69a633a276f955118d080dbcd8d4549725de5e2041b9a3c02d5f546fff712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
9f9454fcd397c507e536ff0c4ec80635

SHA1
146ec3838714c6043f6d273f885e1fb028e7c211

SHA256
e8b1fe1efd473b5aa9fe548b7521f66f2192597a9ce024c6ba0cb66f64bc2ebe

SHA512
93b80c44b311fc8c09d0c9a23b87e857b7c633a1eaeb92cde0550341948f60a0d19ab48678e8a2296573722af7b595bfa48c7f8bcd595b0189d076f165d3fa85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7a17f8c5fab6f78985907453a9a6533e

SHA1
5c299a5b7e22294773507135993933bdc2c2570e

SHA256
60fba0634340e55022523c6a9c0656f8da8cbb77d3351addf2820b063660fffc

SHA512
ce091bb4bb9685c56e4798c9b34dee4744cc869954d63bd6a5badc5043f6600dcedfa4d4bb3e92c59338d4cdbd9bab0fe6426c979a1916d11e702380b93ddf50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c32a93d751c4eebb5ce53cd419a100e5

SHA1
a1f8a24a0d71678537fff6747295aa614407745a

SHA256
484cc863981ccbcfa28ed4ce6f00151d303f8edde798abb7011f112381b7f915

SHA512
aa47c52f8f9d15be02ba23a51ceeedec93f971186fa5df5ee0ab3bf5e3ba2de212531d56acdf181c6eea7ac48af5f7f04dea0161a50e280bd6815a3cd7068560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b203358504e8842b40a204a36f5cb192

SHA1
ed079018d2a825181db2fa0cf133d16830b8a3fe

SHA256
d2a1353ba92cc50b33a6d458a7523d748d88762959149868e591b4e537407372

SHA512
7b3a5305df66cc6d38bf9bb6912f780213644113493b2e05214136d96ac8736173e051fdfc22a1ffafcb9cc679eb611b9aa3e5f72e0590980cd43e3ca56b6cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8436596f046e319cd4e599e3b0702c54

SHA1
66caed39d5130b5969ad16fdb8d1ed68b10c3e6e

SHA256
372e7a963fa18ab787bfe95e0afc444e798d177f795f5087fa62bedba84f6dde

SHA512
6af1cb6f5383937d75123a4eb7cfa6ae2b2783dd82d6c873d588afd1e0c1cd0465772916a9d6e6b0480954262959de6e3078081d60e72b9f03af385aa4fc9710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a28b89140a768758becde7e311202b1

SHA1
ea8d4d7a2db282fa53539c3da3a2a0fc56c4562e

SHA256
6cd0bcd69b95c3620251a5f81160d9922645e40934cab5d5f9d65aaa3147421c

SHA512
8652f4354492ccdd34c0171adbb8a79b6d8450df5f9a0709d0c949fba0040fee3bf54728ed29653e6b6407cd7d8d55d0846148d90a9f524d152ef34e307d23d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66669e927bf658ece240b0d8226ffbe3

SHA1
c7ff4c46cc21e6bae57ffde8938128b587454d39

SHA256
640fd9a445afd7c1f53ab10e01b294c079ec9db2de0cf0695aa29e27366f339f

SHA512
6e717cf33d4fca51d74e6966644b49ad5f31305d3880d53a3fd0624dc3440ce9c203d0248220c2cc31b2ebe9a22dbabd3bada7d3dd1f6d708374f1ee4720bb08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d145c7460fe07e1c507ebc27599c86be

SHA1
f227ee5cd6f0be34daed4073358f4510bcdc05bd

SHA256
e980db59b4664c35f9971703aac4bf37951c6fb58f9287584d7a6fcb92815c8c

SHA512
82e32164231cb770016c0b2b312254e8746e86dda6d7c090d6a5b35bc66881a156daf81493de1561714513f16f4e1e00f062c31ad14fb6e4754fe900b0ffabb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c88711181ee84954172f7acaa3670008

SHA1
68ef2bdfc3de77891fbd67ddc696fc8cfe42d078

SHA256
39208c653bdba787cb16f2f20630b823a0804a2e88065a3d86a8d869e95bee09

SHA512
b1180ad01560717fdd91d8d63f389f4ee229ac48d7176449c5177c996110d06aa598222ca449e60bd25327ac4c48582130af4d9a83a8cd3a81ec87473980036c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1796428387d544011a15da3b222e2d78

SHA1
1786e9ec7d6811047dfeb470e1aaca7bb4d44082

SHA256
fc5770ee4d682691edb116d7ad865ca732acb91e5882aa10d4d0df2bf67efd9e

SHA512
e7d5a9325b168061797fc3e51eae237d47229efb21d1557c4f451b880eacbe8596da91806e0aa90843a5c4839f5aa24b91cc80f3e2e1f933f65f047ca09f7240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6fbfdff837678348c25e39d2691c3cc

SHA1
fde7908a00313ce47d589d0655dbeaf0368cef67

SHA256
7938e1c02b9515e9f521f37ab0bee7eaa5dc1b84df25dc986c5676f4ede18318

SHA512
a3b51cf75aba79a45c2cbed87f9f00df20ea480057a3e5f8ce4f3d0b09031bd1c1e52c14912f451a9ad473e90d470c9f96c77cfbd123aa19d2938acc5927f2dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dafc3d245a7246a74acf4f228a368fee

SHA1
de42e36591d54fbfadd21890cf104b74e0a78554

SHA256
bd23c58c1e2689546049464f51f7157238b9634cafc5c8c006da69459412b78a

SHA512
a980809ce31c138a8dec53c0691000ebfacde85cfa96350a26a97ae3d987718217628f14a2964179c9e70a64c1a83110c0f023c64ea8760bc17bfc52a8b12557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
e63092a641dc00c19e9a4c296fe29657

SHA1
c1ace080f3b421a6da7ed9e7d20d0a5135107b78

SHA256
9073ff4d8552c79b26f64e55a82b066a901d6988ec0a80fb7090bd302d81ce84

SHA512
262e7cea12fe1cec54448a4c16fefee1bbc7f6f9dc6b9f3c0c7cb1a155c82d88eb0f49ca5836f232bf03de79d3eb55fc528a9d46d23b265d29cbe00ebac052f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
aef57a876cfe937f98dfdc781cb65d81

SHA1
f7936d9b8138559847a40fe059fde87681faebfb

SHA256
3eeaeca7e49b069112ba095ef4f16b4429d424e56cda23076678ca62daea1d9b

SHA512
0cab44e9043f4becde6e5d18a4ec04d131c62ef0d4627bd8f60ec35118925b33b45c6c462aa90e28c68e9666bc6760600e62c8ba37cf5b9f5704e4db297347f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
c385eadbc6cf19177e2bd1aa768d137a

SHA1
3c62028188a6e937582f8521d5513324941a091a

SHA256
816bc09156a06a5d3ea70d9520cf6b5efb34f36b551d2f29419c00826cc7018a

SHA512
64714e3c98af1e5ab3243fafc76c038f149b6f81c3f3853f6680d7705dee6e154ab746337ff684f71f03e55eed69e4f322f53febc775f326222b9a996d81886d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
1f4c6db7e463dffecf27c2eb5c142c15

SHA1
21f89b8cb98ec51e5383dbb8877c3f8d5ae8d370

SHA256
ee8debfa22d318b7d0edb963882d01424f74ed7649e480a3e1b59a8756cac2fd

SHA512
6b9194c6a46faca8a7d138ef2678dc6cb52a1a5678cb262da39ce2c8bb143884d0a5386e4cdb47740c888c072457d5e7b416e15217e07e7ee9ed23f7253e4f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c813.TMP

Filesize
204B

MD5
6476ebd019dd3c4a4aeeef62c1dbd217

SHA1
43455bd75a216b8d8885c8aa80c23648d70cdb5d

SHA256
87648d2ab826a05fd3ed90291f63a776249a7a4ac6e2734f870820f83f3edaad

SHA512
9070289eb84c941bea4262b0e455b9c667e0b74146a40bd2647669b5216f94f991de830508f627aa91918f481518361dcbcc7aa049a9ec5093a389c9a03e78c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
575266750e189e5128808c0d7653962d

SHA1
581c1c018d75a03b459dee098fdb6c85fe1d63de

SHA256
147d4116f775acacd8b5b2dbdcb773734354f149eabc14e68dc474b7876bbb64

SHA512
ee42362748fd383e98df55717cf8772ec931880d138281d8e4a7277698cc08e0dc71b4d9ef68eac0a07f5a10f2b4173a3f57c2a5e53647dcb00d18b47b676dd5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 492241.crdownload

Filesize
88KB

MD5
3e4ecf593865f5339a1a098d63fa6f59

SHA1
4cd17ca156d5ce8dabdd43e1417a540007691886

SHA256
9777272108a226179021ca69b41f3b58e588b0d926f87363c7bc70bea9de16b1

SHA512
688727449c259cc6fea6642c8bc59ab9a0286ae9fa44bd83f3fcaa5ee867b06c87313f46e7d7feae1a7ee3b9ef30e9ad7bc75108e73ca4f8ed527c832765bfcd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 570952.crdownload

Filesize
88KB

MD5
98d87882197570e27b93bebd8c1aff47

SHA1
d728792f5d49517b707b9a6dc9a1580c60f41e78

SHA256
20b1062a05142395b5e1096d74bf4567b391fc3a503a4ed09e9763529ca5dfd7

SHA512
42aaa99b6ee653fe77fd1525701043049fc60b70528cdd81a750003075c89fbee1312c99c48996024f70228be1b1c82ccfb99b7f99b3ce01dac7f62f3b601d6b

Download Submit