hxxps://codex[.]lol/

Resubmissions

01/08/2024, 22:02

240801-1x2wxssfnf 8

01/08/2024, 21:57

240801-1vb8gssdrd 3

01/08/2024, 21:54

240801-1saa4sxgnl 3

Analysis

max time kernel
194s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2024, 21:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://codex.lol/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
4720	msedge.exe
4720	msedge.exe
1404	identity_helper.exe
1404	identity_helper.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 4320	4720	msedge.exe	83
PID 4720 wrote to memory of 4320	4720	msedge.exe	83
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 1128	4720	msedge.exe	85
PID 4720 wrote to memory of 3736	4720	msedge.exe	86
PID 4720 wrote to memory of 3736	4720	msedge.exe	86
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87
PID 4720 wrote to memory of 1844	4720	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://codex.lol/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda90a46f8,0x7ffda90a4708,0x7ffda90a4718
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11407093168310843095,15081851664964682523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\49bdcfd8-4708-4e6c-aa53-9abe96579330.tmp

Filesize
10KB

MD5
7f219e59fe119a87f0a07a46d17c8022

SHA1
346222004c2b97a6e3425c4adefd9db4a4157c3a

SHA256
1f6a10f2e8de9c508d6e40f48e44a07ab51ce66947447a136f2a55ff71f77958

SHA512
d871528b8c9f678ed320e58b95491c380659a74a5a4b9e844ea6a338c28ec906c08e702564a7187115235592d302677f40604551102ef33a146f569bfbd66120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54a5c07b53c4009779045b54c5fa2f4c

SHA1
efa045dbe55278511fcf72160b6dc1ff61ac85a0

SHA256
ff9aa521bb8c638f0703a5405919a7c195d42998bedc8e2000e67c97c9dbc39f

SHA512
0276c6f10bb7f7c3da16d7226b4c7a2ab96744f106d3fea448faf6b52c05880fe65780683df75cca621e3b6fff0bd04defb395035a6c4024bb359c17e32be493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d3901cd618f65d66fb0643258e3ef906

SHA1
c9b42868c9119173ff2b1f871eeef5fa487c04f6

SHA256
1f74c3d5f4d41c4d5358e63ad09f8cede236eb66957f9888f42abf98b238c086

SHA512
89c122ea72ae3f26c94e34040e0f0a856506c8490ba36fce371a731b3f0588407c6356cca2ebea37ac829a67c2b398e298a64d5a72712172f69071264ca58e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
26KB

MD5
5368546725a64ad40f0ec78e8facd3e8

SHA1
f29e02f51a28793fa74128e50477f24a71eca775

SHA256
df75b33390c5011b798b93f215efdc9d9742a3781f48dc8d0d011931f65352c1

SHA512
ce0428f986bac9f527fbf479b879b94f75d908f86e1284b661c25032dd3e5aa9876ac2fcd9d8787508c43f4ef5d3d2b3e7d1fe6a3ed96c72a0b875e635446280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
52KB

MD5
330326f45e54bf8be962ce84dd13d60f

SHA1
fe8936d88b598800495fa62d4926c0ae1b59328c

SHA256
feeb45b795e7fdd76ab79b9ee547575ad14ab1b166682275346a5dcae533f3c2

SHA512
bf064dadfc49cfab5ffe6c98d63f093f75d4f7b418db8c95774f9c3ab988b401fd7e14f39ce3274cfbfa2bfd7efe807fd071625fa20003d7734992eec6402ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
39KB

MD5
477196f930f7b50009350c419c82e6c0

SHA1
4a9bf3521d493afb0e66c794711287ef17965d08

SHA256
0fe1189c430dbd75f4395ffda846e0a4f2bf375392140185f076dee54a6dcc17

SHA512
358a30f087b270c4e8334a5bee545338eee35a935b7d3c27c656206e30e51393045dee43ec5fb36ef6b4da8f67e40b015ce43726305693480f3f42d0845305b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
101KB

MD5
07d5a26383293762a94ae6c065ecb0e8

SHA1
b28a2c59a9210e783c6b8ab862012039d13b9c20

SHA256
5071fc48c772886a01cc44662620eee1e2aa1f5bc16efeda20a4b94cfb2531b7

SHA512
cce54da4b23fbdddd7bb5d7f0df45d143c3e21d32ec1c4d91780766bcfc72923cb1e5d33a2f846015654352bd9c6889da0356b199fbb10ab6f23566bdff9726f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
23KB

MD5
8951283ba1faa0d2c460f42df9366ca1

SHA1
c1485303cba4a15a6be50f08a574f16345b057cf

SHA256
ec77738d9e8ae43b942aad4d6f555ddac5cc5476bb982d7efdcabccf20ca7c6e

SHA512
28b1eff095f86c8e6e3c09b563babd33b32d9dab84d45615e4d04d677c292702703b2d0e0e43a236aa414d4d92ffc9d5ceb86b41497b522d38571d1de4b23014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
52KB

MD5
0d8486f06a254520f9df660b86bc3b06

SHA1
344b5ca16985329f67545b6af535adfb7ec2f407

SHA256
9b463875ead96f1414cd27506ab99a79a743cfa1f86181f323a05ef7d09e80bc

SHA512
20c438a4972ac8b6b44d6d105d516d6952f6196857d48346a0ff9e8f40c0a5ad59b46f8cea15f2ef713c5e30311940e319fb8569294b50e7ffa266f3e5c0d4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
143KB

MD5
95d3b09d0f560299955a2eda811a6c42

SHA1
b9c890a481cadc9ac53ab6952a4fe9133f0d55af

SHA256
048d28b53e18139df9342cb50d70ac47246f6c70f6dfdaff4f5b82a3c3fd810b

SHA512
730dd1812f7e07541d455a7bfe91d8143b0bb3d71ba84e4681981bfff0875c110de2f1b1103096902f02531eaf3d23fbfbc0e31db8a1eaac4c4d82f96a868b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
8bdff54061b6fe73dfad48f5e1fcbd3a

SHA1
f398188dac3031b1d8cc7bb7e9fed22ad0ac2af6

SHA256
7d618e94463056a874009f200a5e44ed66156c0f7df2c733074610e54bc38b42

SHA512
f687b73928c9eb19788f09e5bab950f1861b7bc58efc9662b0aab89d81c8cccd77c725d66cc6c52c5161d47d388d78056d077a0efaa804ada6b8391eebc1d8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
162KB

MD5
18d9d3d811538aa3ff9d28b0ac9f959b

SHA1
fc7990aa7305f0e0a478f5c16c6286d08faf8150

SHA256
751d83525ad1f8c8c74099326659dbe9b79b8f4b6a150689c3ca3f34e087779c

SHA512
e450bdcaad5ee262a1b23325b4579c9efdf732408fd3133ef3cea008bd66964799534365ed384f891db561f2bdc1ef5b9dd6d09b8892b3e39aaf8b2c11466d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
46KB

MD5
218f4f81bdee5932a127929c6d693f0c

SHA1
21a507dfc03b8a1107eba38d223f1f8c2217a48e

SHA256
3c56fcff3a74054781e42a712f7dc2b874eec7a646c7282464c5d4cad1a36186

SHA512
11e5be1ee10d1f54201f860bfb1456f0e0b1ada769477cea39eed5f29750c9d83bc3da5820505c28f76892ca20894d6d1a623db0ab826a1a9a623bc1b539969b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
96KB

MD5
f1456617564c55f8bb0f4e3d8854aca0

SHA1
02ae0418e42c1a30abe54385d29b271ddf4ea0e1

SHA256
eff1530112ef01a3217074dd995b63f81ecacc462fcb9a9f7f8b334f27983a1d

SHA512
484370d62e91b48cb0cfcd94760e8082e7c1f9532b87da7960f3e06a4b50e6b800009c27a79cccc9ad1eaa756afbe40fcb2b374217ff5009e3f1643eab89d1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
45KB

MD5
74c3556b9dad12fb76f84af53ba69410

SHA1
342edef074482299f72f8f7a8862e6f908bd4137

SHA256
3bcf04ca301e44f13f404c8a04aa4ae707f67a950e12ef30c238f96e784266a1

SHA512
78ae2a421e6aa394f78200187a13f9b8bb313a85dac223d2863c46e4f53393033cbc400b40d2044390f3b79105da41d1a59f81d796561b8dc1c2a7b763bbb9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
52KB

MD5
20cab8626717f8e4ec3423810d92da22

SHA1
4bb539912e8d36799eb47ad7989aecb66d11bb79

SHA256
05a5e172730ab9e1af2b96c0be0f5f31d784b2799d0e0f2e0743c777bfd09e30

SHA512
0794a859ca063422830a5a16f474bf0110f5a95bdb6e6bc7c57c1ba3ee8a53a5862ed555b79b94b82d4858447dfdaa2b4292486d72a916d64de832489d8b892e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
28KB

MD5
99da83e40906a4e321de96b34e373a43

SHA1
28a719880c95ee04b4e08ad2d18ca6bc0aac7fde

SHA256
cdfb906c6d2eefc509a27405e64138eed37d3c020bf8374dd50f2cd1c6423095

SHA512
ca4700783587a7eb0070a0bc385399382c69793bb03656f6fa98a9dcd98869b48ac9fb4f253eac4bf5a9abdf2e46a51dde607abee1732a043908431376ec5f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
23KB

MD5
64e64ff8585a2fc668831fa62860260b

SHA1
061e535b7185704bf5731af0ea0d51ad68daa171

SHA256
04da82aea6fce95634cb6d9cd550a5b15d64ecc3e9aaf7497bde26f90949d22b

SHA512
884c2528ac46f74f037989775508d1719c5652e31a4c7a57b9278b58a36c2793a405bc5e7fc2d8a6c9b4e918eca19ddd44e434ed4f082101f635cf476f4ff12d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
28KB

MD5
de2586d1f14c6b48320ff8b55c7a4463

SHA1
94f2b17d12557c8ef79dcb5c61b2bca9d1405edd

SHA256
7a0d20d15b296b89e2261898b92a24695dbfa45c27bb9869953a9a94dc01baa7

SHA512
e299f587576e534b0920ccb94f567600d6bfdba343b31f48a524f212b853e22fbd1f784c9da083d6222984a3ea8b217966c88f1dd43c543b564f5eeef5c71db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
56KB

MD5
e45a8e76215ecbe872922c39448f589e

SHA1
672f85c7240b15f6a5ef69bb2281880398893450

SHA256
fd54fa8ec9cbdcc779b9bbf1755aed042d28a66513d0f94e345b2d2fa0a384a6

SHA512
0b921232730357b42f2e39e9e8557f2470f2e6f748a58d8e9d80a2dc90c80254fd251c857d951c3537c7325c88899b02ddd42a62ee68e9afe66990209b6d277d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a6b058e92b79d31_0

Filesize
7KB

MD5
ed6ef13da3756ea729c7a9841f2f7388

SHA1
2cdcd30f72f187ea74e3826af0930fa6e1ea460f

SHA256
aa3a38bfbe88f7d396400dc4be501a63782ea33dafa24d044b6454a99a4edb71

SHA512
3c078aa77c25ef600825af1fd88fcbed2e3a9445d118fcc468b9e07f57a8c0e2be01eed2bf969a48296d51384fd76966bc71de71350fddde9eac9527505f13de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\519db9d220263302_0

Filesize
103KB

MD5
8ad989ac2321c3fe5e85815433a9de69

SHA1
ae0be05baf6c3a2092978613c2ab77095e2333d9

SHA256
d2fc8e42f6f78e71ac43f519cf276a570755233229c68c80b3c420ad276ce2da

SHA512
304063694451b800a61a207b72e42587f36820a3728c1bd65699e429c8e08a3fb6808a391357511b56a54590e99b16df85ab460ebce3702b37265831861289bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77ae413e1439cae1_0

Filesize
266B

MD5
fac83a14321465876fd290a030cded57

SHA1
6f3a2bf775f5c09ea4e201d2c785ba76b9feed65

SHA256
d7042a836242a889274fa36e2efa9a4a7242960e982b8b4b12b5c80c9f412a90

SHA512
43aa1615a0fdda6f1f3b15fef7011024cc4f126d1be8050a49e681374f38eee393bf538589514d7a76b607bb2700eecbe6533fe1daf1d45ee210d5fed3f7a822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c219a519dc16a70d_0

Filesize
2KB

MD5
59c7a8c2688a3aabddfa37c8e672ba9d

SHA1
f6b1670b5d1d2dc03a2dd256316d117151279c2c

SHA256
32e13edbb49798967536ca5e1144538ce8fb68daaf936a9d9efdb1882ca33bd6

SHA512
345e78f2d9dc52792870a21ffaf706e4cc2c39b2d3d3d0fbb31868852884435f1d922370d8b61aaa331fd71fbd7920e6ca0e8891032e2610db0615eaa1a9ec0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
648B

MD5
4412e7baf66f38b46a16802107c91e30

SHA1
b73e89a52c78aabb77be640b6698923dd97b4157

SHA256
8abb143b884c5e7ca1b0d8e3affb7998877cd9eb18d8aadb7acf448256690ed4

SHA512
1c974db203a186cf6fd528583edf3a4c13cf3c11e27934595a872f51b6249d73de27f24feb5653b355fae94843db222e9d400da6c4f689694638a8acc1578e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
706bcb132b42962b1eaebf1ca5d4f1a4

SHA1
364d1bbc978fd9ba8f02213b21afa3934a9a8dff

SHA256
21edb268335ab255235d085df716cccc38a568f5f6c24b4487c45da8d332816d

SHA512
a48b41e148ed9afeeef1a3b523a1b6341e9eb0385af63a27d2b8e06276e16c295c340e3417354893005ab306629f5e993af1ee841ed632043aa2686ecfb5913e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
63f0267b35710e5d35d347312a283b87

SHA1
7db1dab056d62834f8957f0ddb5c860b3ff76753

SHA256
6a929bed33a1717503a0bdf98ddfcd9dc0483e2b8948ea09ea7459b29b827ff0

SHA512
2a69f4fba529d763812985fb15dcdd57f8b2a09842c9c09afc70365ff11043a15cec3656920df87726c585dd9d7c7e987bc67b376a1f9de6ea7afbc4651ec07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
987B

MD5
79b4e442a7f135e156cae61ae73b114c

SHA1
ad79111ff6ece441b8214cb45a7a1e799a5aba8d

SHA256
98275ccb08d88c9e68510d9acec21f9ec7f002cf3c06427edc83b4a5bff4664b

SHA512
115c020b5386f3cd4ed604408ae471f5e3acf3c242e6d1230a910262c38c90026e8c365893cbfd49073b72541cd1bc8f6fc5f3c953b2ad32e19fcdadd2fbeba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
94875f45b6f84b06840548d1438ec013

SHA1
c48d0edb6f98dfc134597a73269abf32fe5eb7ac

SHA256
76ac9987799d1c82a3c516b7bd499cb079a29b1a2fe32add15497bc5e0f21716

SHA512
d3c2f344e98b63701fb2db89232598085759beb5cbbc3c602ae7cecf4d11061e5129967e831bd339f5d33805599fa2d4736bd93bb68505d3fe329fe1b5e97443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c4cda8d5630c1bbd3eec5bc13e418aa8

SHA1
8c165887bc7ede4bb88797c810313c8fc14b2cf3

SHA256
2ba3acd3bf5e2ca78f8d66365bfd58cbb6a497a21e91ed5b82fd5a7966a19463

SHA512
43ecc17748daeaeff7fc3364faf3777a220a69c2e7cc74eb7e7c606ed78ea60c8f8dd1226583f398ad9893235a9b5f64cf91bfe2c549bca9391880da520f3c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f0c75585978b8f3f5b8c84e49ee3dc75

SHA1
56eed548e796be4d56e768d9273d020741b9f1e4

SHA256
4a5567710abce4b2d3a50f4a4432237558114b369a99e977664c1415c10ae809

SHA512
887acbdf1d903f57d6f082a329ae9600260e32d6485c3ea0d43c93809719448a19c16696b7167e7d47c09cb305b750eb9796980f23b11c00a16af6c734028f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9113f4b43c6ee75698f4a55aa014cab4

SHA1
bb6416ca08fa5fbd30b1e528575802eaa9627c32

SHA256
6912e9ce6b92f3c0f3183257cc0fe011ec5c6226b5f7da7cc137047da97c26e0

SHA512
452cfe66f63a0c0dddc4a373476eb07bdaf214e932716b997d16f37fbd6b3d84cfa1125a439d9dee064236b8b192822fc51f0eb8109e3a0079befa5b8ad0b666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77be7280807c97421c42c4ce0ceb10f3

SHA1
dcbc63724956067c7003d30459abfbdbf8ebb757

SHA256
2bd43814dda98684bbb8dacd692ba27634def08eef9da7fc11303bf0d48d476d

SHA512
26a759d9eac81891fdc244ef20f0c84c42293d5f644fd4331d1f8ee8a7d3574e2128f39632349bc66000906ac74ffbc3a225399461bbb3d5bfa1ca2f5299b341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0fc811d39c9554850bcc05c144a11172

SHA1
900e38eddda958d7b75b1116473a1fc7846ed353

SHA256
09ae1a988582d0ed87f654d53e2ea0e20007aed38d445c2acdbdca9b551126cf

SHA512
b18da17c5ffcbbd4f0836a86beb31790b961a1de382f19cbca20a289d7b31a37fb852f68318d8215acf113a361b48ca7050b10a6d8e85031784f5dd19bcc7a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d003e0d3fc6d96c2362b5b1a861d35d7

SHA1
d5f6508cc5328234ab9a283b03eba217eb85e20d

SHA256
209249edeeacd3da4e9d475ced2242cdea8fa90247bbbc0cff85a6cd2dccc5f3

SHA512
0c308b95b98a0439a8792837480d5a02bb3e35699fca4f50c30e15bcd0594faf77357e05f800f02efa7242f576658205964b88c86691b87b4d33c8ad93116826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7b72e18214d52855a3b215f163370567

SHA1
ea0830d4d3edd6bdebb2534ad4489a4f7f1d4881

SHA256
0a45ee0aa41241a5d98db3545ee2c19ee30da75c0a0453b3546aeee4ced76702

SHA512
05977cc30f4969e1492c77476b8ed1f562bbf99fb087d07164db3084a3170f30f0c087837d56b666b58c16ba9c5d7518cb95001130e13cbd9b7283f203ff774c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ee38e132105b758079ff13358f772bf

SHA1
8d9426ff9046529757c7f6e0e76582d7b012deb5

SHA256
c580ee7131a979c36ad77a5358b8f98a4a0b49d0a0167ff07fac240c0d5da723

SHA512
10e38fcf3cbae786c977a71ef4bf6448066485b837b4f4bceadcea6c00baa82ced38afbed65c235e307525a45c95241f1807ce2dd37a988ee82dda2243962c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
28876d90bbc60476ac7435ed3f0a91e3

SHA1
70dc582cb032d9bb1effe6c5c69d833ace42b35b

SHA256
255fd949ba57175e710e728a6e9d6c836ea958d19c96e6162dc8305e3e3c7119

SHA512
3614836a72145641eadad1b90418e83e209577f50ab6c5e2f234919bd88128eecf2f347b8d7e8d1c4d3451fa240468db1f80074be3a18da03739a6bb2c2d2131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1c5796a5dccf3936d1449a5a71c0286b

SHA1
e873cc2e988d0efd114e54a62654f0550a94d741

SHA256
1b8925604b0d5963a57a6f7535001ac209b53612fefb98ea6f5f547062af235c

SHA512
22bf6000400365c815e375a4229687c17fbdba90a2bd34769aad4ed7deee461d523d6650c4f134a6168af9a22df6f38ed3d71e6e71b2b73db4a6e2f2060c3965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
11d18deaf8d6973065f4040aa29af494

SHA1
4e626e84af0c9f2ceca5a3a59fccbcda9c0bd60f

SHA256
d26ce93894eab29b202adcdcca342bd099000914493f2e1dcad2c6e4f2eb540c

SHA512
37921c53f1f21bbc04bad989d3717e98a26e94d9a1e4812db6f81fa79a3c8cde33f05841470e3043c33f795251c61a91e31ebc2067f9822b030cb9dbaa387193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
51cf1c0351e22b84b78d7cca6583a512

SHA1
0bc7b031c481f80b3471ac90423bcb039fe27b47

SHA256
94705d59989b1b2e00e4dea30dfb803f7ba265fa2be73e2cb716d358ca1e24fd

SHA512
2afa28a17fff0f604e4d5b889e8d85ce0dbdd66c06c30005ded5fe544355f88b623fc9968c4e32997297d5cc72050d62f3bda7fc55d0ef0e5eb644f81fc9595e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59a435.TMP

Filesize
203B

MD5
9449005b58056ef986e162ca051ae90b

SHA1
426e86a2af9c3f1923d34c175ee4842c7b58843c

SHA256
0cc31dc7415d199377cd85b967fab2a0f4916e9ec3f060b13feac3801e92875b

SHA512
830ced905577a71d8728cc8fc0317c041291790576ba3d81f4f314d92c5ac594085eb01f8d0f6b83907c3e7a4881407a72b2e14b2f7ee2a55348419c2af6d6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ae643f8dafc236f22b90d9ec2bf3468a

SHA1
205f380bfee9a0fd3f46c615ecfa398c404277c6

SHA256
0fb6a58bc84f979e0e997fafe6295e4ac6a789615f5934bce05b9f68353baca7

SHA512
2bffc9d00a966e5437ee279d44a993bee5da191c18dbb0dc8b06666e937dbfcba70b54f4978125065b9d00e44ac136db7026c0bdc054bcae596654cad0a78584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c871ea93c2b27d071fbd8bd28a37301d

SHA1
15fee33cdee677bc91dcd79eca03d2b2714f79d5

SHA256
a7f549bba1df5aa6451ae181c38e9eec81987e0d6ab5f8d5cfdf520c850aab45

SHA512
614a0fa773bed8c74b3b75cbcefa7c324afee1c569bf23e99ce38e822ccef7003cafa99585f80868b30b58e872f1a98614c39c1d15e81d458afa261c5a702c03

Download Submit