hxxp://www[.]megaidea[.]net

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 04:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.megaidea.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
4944	msedge.exe
4944	msedge.exe
3388	identity_helper.exe
3388	identity_helper.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 220	4944	msedge.exe	83
PID 4944 wrote to memory of 220	4944	msedge.exe	83
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 3284	4944	msedge.exe	84
PID 4944 wrote to memory of 2172	4944	msedge.exe	85
PID 4944 wrote to memory of 2172	4944	msedge.exe	85
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86
PID 4944 wrote to memory of 3424	4944	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.megaidea.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b21546f8,0x7ff9b2154708,0x7ff9b2154718
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5027529024800165988,5127464058350794567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x508
1⤵
PID:3956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
86KB

MD5
fceab48162721bbb2109014fc3fc5cab

SHA1
4809d2f53158087075ff009fc5c9e7207f2f3673

SHA256
3d172e8935049ad80c1fc74d923b5caf1ad07b0aee592143b15d2b42651ba462

SHA512
68335ce26dce6ecdea9bfe35c0528d7db771006dcf10899f624017968bda8732539d20c0046b955cf6b9b22e6a96cc319e4c55f7bd6a5ca2a1793cb6172b24dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
101KB

MD5
826fa33c459d7c5cd1e8a9b086f39c62

SHA1
22cb75393cb87897256c8d6613fbbbf6ef5d733f

SHA256
e2c41098e2e1de629eda310bfaa8513bb5958d1ba45551f860f1de5e34b074b8

SHA512
2542e815c6361b2efc844cb5c3a542655b6156dee32bc46404ecfc44d386a71f372f841f2b1f26ac555badc63e2d06f1da8be867d89fe1031932a9f46056cb08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
52KB

MD5
705782fb4f03f0302875e9de625fe18d

SHA1
cfe08c95346389fb6a3d08d15d7aa40184690da0

SHA256
11261f3b02dfafc3cdb75c9f3a391c787b968ca2aaad59bc565d809ded8933ee

SHA512
cd422909cd8698b7ee359b1663c8ad24fffe4565a3a50480e4fb9432571896c30fd86b7c13688b095ae0f103295b214d8559d5a59534e8520d59e544478bb46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
33KB

MD5
0652d3691edd05d715839bca587793ec

SHA1
59a85e6e7d2f8ccaa3cfebb9cc66d278cb558d51

SHA256
789d3550ca8399bc50d65ed9aa8683579e63439af387b8fc1ccf781cdfeb8f71

SHA512
c912bf6f3719e60cc971a10d6744a055185e704a76a55a1ffe120d404b8de899f3634a6da5926897917f54cf9b223e547c753ac659fcb340674ff0247f7f380c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
144KB

MD5
57a1b8dbed1779b9af160f32b9e887c8

SHA1
4ac48281be44832d5c3b9c2f2855f92b23cdff2e

SHA256
eed57f994e62687c2ddd6d5bc05502f4c0396331fc893963723901e18adbaf61

SHA512
7c97723e2f0a0a163f33c44fe963bdbdb4b892c2a76a89db9486973702f54529d10ee8f79ff78a5292acbac158c336fe55715a5c37bc4340f16e2c8051fa3f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
89KB

MD5
7218eb3e92eeb0e112badf003fd1feea

SHA1
37b9f23b39b48b049e9c0530ab6d2ecfac9a3ea6

SHA256
698bac1d05db4be4358dc35e07452330edd15ca99337b26123edae9da4e25431

SHA512
d56a29e3cd1650647bb941f671a2aaa1d9ed5deaf137935b5cd8d4787096c72bc3fc41fc3fdae32a627595ee6da723527573bd8ec5a5e9dc5aab8629dbb5b820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
21KB

MD5
63afe735bdf9b1fd0b255548c360c9a9

SHA1
17f9ef381ee82d5eb545970823053f58928c5b3f

SHA256
4c4fe6271523ad1af895c5eb314ef4e9443de9cec74e3b1c70041d1f49713028

SHA512
b570708e00b6db27f64065fb9be8eeb4b8159b68d22d1206f5ecc9681d37005cad2f83f815b475852d098ed102e3b500fddf74db4fd8ccfb8d5571607ee22850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
16KB

MD5
f879d99e24bf2644d776934d742efab6

SHA1
f597743ac97822bf0f00d071f2980f8c62f10d5c

SHA256
4585bbe1b8e19c3c8d17e6c13e0f7110ea90c3a090c31a02fdde77047c257b7a

SHA512
6da50b0af14c61fcd500fc9c1894cc31ef121c24f673125031cec86055081b425f15b0bf70921b60d9f97fe67b82575b77353a1656d515f01bafd93658a46f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
60KB

MD5
d5c56a138f8c37c5d12e4faf85e5ef31

SHA1
e3f480e28c6db24e818fcf5757cb2f530e3e9f33

SHA256
a7cd83857a1b84c3dda77f3a26cb1959408ea36e0d44c3022371b486e9d04b38

SHA512
b30748749554b2dd75ddf6ff48e06fb6d3a0f6c0845e192892663681478ec2d514aa6c4c012c302c812af6b5c3903f956efa00a58f9a554d2d17f64d63e59c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
19KB

MD5
f0c0412e4f7e8ebf6e1c8738622abdf4

SHA1
7e5433f4d55ff103426fde504031eea535b3d55d

SHA256
a67bd5961e1d3fba115d8d04644accb4df135aefe880d03d7e66c404c85b47de

SHA512
5d228fe7f147e41b874a167942c017c130cccb61fa05f80cdab0911dd5e0185b8974c93ae9877c5d0beace13fb248bfdf717b29d450b12e08e2230c806232638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
19KB

MD5
ce1093c800c0933d7c9674eda75790d8

SHA1
371c2dcde092f51b18852e2617bc6c0c176f5873

SHA256
57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89

SHA512
fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
19KB

MD5
93069ed141b906f40645ff8d0cacedbe

SHA1
44f6f2ae47c447dbff22d4a105a48383dc24d8c1

SHA256
b6631d1b36e91ee87fd91575b16ebc9bf6bc264e85e8f0d37bbf7e08d69d5681

SHA512
90eb76355d2be14f89ec2c8a72f3f8534619c22b5b562cd062526351771d006206c7def2434ef5cc22f3637ccf275666c984a72213aae2998bf7623f930308f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
64KB

MD5
be676a6820a16101eed8dfe9bc39211d

SHA1
84a68584fffc1863f604984161abefe9ddd727c0

SHA256
49e7c48f632a33abfebbf881e504a833abc8b5cf87d7be4dfa9b5b3cc86749ae

SHA512
3ef3fa135bd1ea25660d9b3e3cd0995d1f542d608302e99bacc22640cc7045700391f001f5ba43c4bf89597b8058d533282e92f934b6bfb746c9f2940b96af32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
826KB

MD5
f6ff327296234a4b5898f8b6a08c8a5b

SHA1
5db00a3f1e015f4a8ef1dcd821def898c8569e02

SHA256
7ee9ad596b1f13387faae9994f68aa2c972cbf3c49efbf4a1a3497d9540fb394

SHA512
e5f8cab65dc1b416987bb1b6952a7a61842992839280707eeff510312e91e65a8ff0658ff90a386944e05149eb7d2abba5e8ec80df74d767944f01b44ffcb0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\27777c5aa3f897cf_0

Filesize
3KB

MD5
9287681e8a6182f50a41d579d35dfdb6

SHA1
2143834770504dc1459eccf5a8568e62db6131bd

SHA256
ee1940f2cfcee3974e45b39242a35fdc5fdd0cfd84dcd220c63fbc4b102b1173

SHA512
2ccd805ec1a905947500921669f502be48152528112731cebe0471486a7e95ba7c4b140be68d347cdddda0bad5ddea564e5c12d7b06fefac5eaac54b11b8fab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e6cf5d2a301ddf5b_0

Filesize
53KB

MD5
2e363682078c43f954bc79a860aaa486

SHA1
023e9cbaa7be034ce42620c690f8758ba21d7ee5

SHA256
10b7e700c2e04d5a7a481c0adabecebeac57c08716fd4549882baa4c31a5ca93

SHA512
4759d524cd620718cc343843e9a9ad7e36f9ad91fde750565b9e5581fc50022b98f793c0dd964bb1ce6f51456fdab6bd5d702a749cbb27261a94d6a7157db4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
3dfbdbcc3f178dcbf015859290bc0dc5

SHA1
1c020b0432ad76718006ea29ccca5189feacc457

SHA256
70e33d141863e43da0ed2f7303d74056b6b9d0809036730f3fea1c95ae9dbf9e

SHA512
656b5257ec85806dafe161d63b9d6115487aef379bc8268787db9dca98b7d8d05ac4c8fe69effa595519ccca5d4a118b4dd5fb3e07be979c5aab42fcfebbcdfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a63345890577be39940fc154b3b3482e

SHA1
7b77edd82c838e1b3662fd5f2e85d5461bb6dd6d

SHA256
2a2daa0d535dae8919414d1ceff4025a575b9c1134fa05b2652d98a03ba6e6e8

SHA512
fba5c8dd745a38cd0afdb52846663b0c90b260f8e7a0f8226eb64798d8531d79d14e9d57514791fa7551ea390e665da3677bca2c614832a34d96f8bb65fa2fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
bd3ab37f067d171df6c0a3e2c495d15e

SHA1
760f2bf6f18b3ba0bf40f7e0092a7478b5dc17c6

SHA256
6319efb19b883aba279670e39b2e5ea04df5b50338329653195ed122769c1bb7

SHA512
027d56a9ddb3d11b4f96cc02dcda24e14dcf86a2dcdbeca72eebceae7d9e263981abe97e886b0840c88b13e50c9ceb93a6be9f70dc137c87440471e730c169cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
551eb37de9aa31de547e881667e5c6f9

SHA1
75839823ca5f40c2a1fb51cc4cb29bf393b584ce

SHA256
198c5e1214540c1eb27a2a5c710f5ba8de1bca3dd46d245d9b7135a1a074b16d

SHA512
8fe155a1a7bd5b4cc30478cc87f9838f691a2f0104a7a239cb37cff66d55654da53da615932d9037c71a41a039ac9d0f907bd5a38480a5c07a2a592f171d4536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
94e747081db764f55b5805ebd3b9e6a4

SHA1
1d151bdada441b3821618ae151a0d09be7f9bd2a

SHA256
3d614072b37e431d2654984c5e330c3714115fdf5eeaf3bf4e7341e7b729c006

SHA512
a14926ad0d90c80bf644986d537cae97e5c4dc82f9ba55ac574a8bf0dba6c7bc7cc93ed8540c8311583a15a40070561a4bb18772e3428c4d54661f9d98cf0c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2cabc743011121548dbbf3bbdcc61169

SHA1
5bb290a0d6b24abf21ca181f904265a42260bdd5

SHA256
82d96d191e1d2087e5c4652307fe01ead0884bd31a096b0d9e2e4f8cc30c21c1

SHA512
ce76a563c3c79ba78d1292825f8dff03421797670ba54827d5176c3900c4d7b1d77b33dfd7aa9336572e76f10caff982a1cea8861663ee4e1029f5bc9756b309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ba691f72c58d2bc47d8a6323d0f048f3

SHA1
a281377d8be2b9bf062b440d9d0cd189fe180563

SHA256
2df6771590f56cf667bbb45fcb552eb77f4a7272afa74cef54feaae55cb32ba1

SHA512
12dac4cc9ab0eaf02ab869a953c01c7e57d9f832093189f211bf9e61560685f9d1de3b2252168e58abc6d718ddd4ffa7d694db990f158dba86b32e1fb83e4cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a8cc0cf98af4374e28d91450cc5d6269

SHA1
13c380ed96dd08ed0c2aaff651d18774bd15ab54

SHA256
59d7f9f59f836990c9c00d7370e2b4c7e12bebb47501104f4d5d471edb3576cb

SHA512
55d991ff1e100921b53c84cfbb29b940687846a5298b19f962023b54ddfe31160fd54a4af6b28d2c7b5af88bf97561f52691e15dd036b6a8206fab0355421ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f0476cd70b9398e33da04fd081835023

SHA1
27a4c692686b62c555d818b3ff649aa0d99a77a9

SHA256
b39e2f10e368035d67246cb19d2f66b7a12a6378a1a78b570e25c98017b4d080

SHA512
e762c0aaaaa12b13674dc98eeb82f1fddaa165a1c3261838eacdad51db42a819bf69c41f875c7c675cd32f211b02a58ee38d7839af30cac5f329fb00dfe47202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
13dce1a5b7f40bd01da48647366349bb

SHA1
7bb2497cf7728414a1f79650303ffbab68632a65

SHA256
1e92001521c09a656add57801b5d7453bf6373eb01a411d770310feebd3eeb17

SHA512
092fb7d2bf54c6484ad0a9fc2917a5f35aa3a400b0078f29a6800f738c4cb051783102b80a320d3505d63eae7f29741345e731a82751ecf65352015d1d96a0ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bf4348d2ad0d2f170a73f435692db75e

SHA1
04b02bd26b78d87b23477156d514b093546322fe

SHA256
545ebdaa8a451d30836dad8ffd4801095259b79cc2a134008243ca531f756c5f

SHA512
184ab984fc333250797372870790d5035afe195f17ef77e17b311fa0fcaffae5c88e0b90f86302d7b11625b3a620de455fbaf9ab5f71b857968de4911cb179ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
529cec6ea4f831664ff8d78755069667

SHA1
663a2265864a2d5211ead4bb54cf20ad6ccbcd5d

SHA256
5d9809af52046a566709062d85465467589fb21f12e31353322db2c82b45e296

SHA512
08f3a5b98063d9284bf507961748b4ff304eeaad57e335cfb6543adf10dcef5af0a23f5f8801326649e52bd0e1340d169635a3eb449f61b62d7e00d34d7e45fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e05488d8d106457da005bbea085b9dfd

SHA1
0ba44cd9afd9786abfbe0737e6438990a541901b

SHA256
268c50c17c17b77a371d3455f1858840e3be188563c98a568fa66abee51088e8

SHA512
7569d52a725ba94469b7a7ab165732f85888136cf359ac328c1913addbaadc82f7f19ed24683434c13604e62d3784fd73e670fb65ffbed44e9fb6c6ad368a357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
1fef568729c0cdf5d01915917947f801

SHA1
0d8a9558f8c13612072314d122aade9f243ea863

SHA256
9333f1a283d02ff16ec45c7691f808eb5c5c05810cbddaccc57d73a1a0708b25

SHA512
d25941f714312f743f47a3b6ee3d67bb9fe755b57e575cda59f72461ca954b78660f9ded8fb5c55cf9ca324396ae14fd268488874689fc32a0e9442be0ff8e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581393.TMP

Filesize
706B

MD5
ea349feb59223695aa2e5e648d7e1b97

SHA1
dd85796e79ab4c29c868ef0f0ad720fad677218a

SHA256
4809df754b5aa84069287a997c1b656e16974c19320f3cfd35c8629026f34543

SHA512
c3bada14faf06c259f0d72b4530aae0ddcd6c63676e7ae3d0037f722780fbf4d52c79ffefba29a0dba2d851e5d5cb49b29d358367f3404508a6f00a39ad8f24e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3a9fa412a836055e6b7ccaabac999c5b

SHA1
07ef192a5228d94ff550b3ab3bf80f8bac721ecc

SHA256
a6632cd38b45eebc86573807b2c06e3a4d6d6f109429c9cc823160b659deeb42

SHA512
6a830e5a1f5d1945e450793e9669f89247af0f56431fa03af5211d5ae27853dc636b78397c921c1df9af8e9834b4bf3ce0070e9775c5867a79808de7e52c4ad0

Download Submit