e1838e460e19fe98e9cc54bb694e491cc2f4b37ab06e3ea1f7540a0262a82189

Resubmissions

04-08-2024 08:00

240804-jwfhvsvcpc 3

04-08-2024 07:57

240804-jte5bazfrl 6

04-08-2024 07:46

240804-jmc2dazekk 10

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

music-note-1275650_960_720.webp
Size

7KB
MD5

866f908684d6f1d93f2c8efd1b065a58
SHA1

ba5e7051fa2a8273c5cd397b1131b5deed98e089
SHA256

e1838e460e19fe98e9cc54bb694e491cc2f4b37ab06e3ea1f7540a0262a82189
SHA512

353811cffa56ae87937ba5ba52431088554240f508fc0a452fa59b8fe01438699ed28ae1943e9f7564c84eead208f6be9d7b04afb1eb1128640d46ef4e95a07a
SSDEEP

192:rhx7CtG7VryH5F+W2DFhIHILq9hPS/SlzZ:rX7EGRr+IWGhPq95OC

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
103	camo.githubusercontent.com
112	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{5CCBFE53-4F6C-47CE-A60B-24A1852CB85B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
3220	msedge.exe
3220	msedge.exe
1380	identity_helper.exe
1380	identity_helper.exe
2300	msedge.exe
2300	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 3220	2200	cmd.exe	84
PID 2200 wrote to memory of 3220	2200	cmd.exe	84
PID 3220 wrote to memory of 2496	3220	msedge.exe	86
PID 3220 wrote to memory of 2496	3220	msedge.exe	86
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 5064	3220	msedge.exe	89
PID 3220 wrote to memory of 2116	3220	msedge.exe	90
PID 3220 wrote to memory of 2116	3220	msedge.exe	90
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91
PID 3220 wrote to memory of 2972	3220	msedge.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\music-note-1275650_960_720.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\music-note-1275650_960_720.webp
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc36df46f8,0x7ffc36df4708,0x7ffc36df4718
    3⤵
    PID:2496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
    3⤵
    PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    3⤵
    PID:2972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
    3⤵
    PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:1208
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    3⤵
    PID:1568
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
    3⤵
    PID:4168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
    3⤵
    PID:4712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:2760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1
    3⤵
    PID:2564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
    3⤵
    PID:4080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
    3⤵
    PID:4324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:4984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4652 /prefetch:8
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5840 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
    3⤵
    PID:4052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
    3⤵
    PID:1480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
    3⤵
    PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
    3⤵
    PID:3880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
    3⤵
    PID:4036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
    3⤵
    PID:3188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
    3⤵
    PID:4704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
    3⤵
    PID:3704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6472 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
    3⤵
    PID:4968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5618654480623076132,6347636807305739672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
    3⤵
    PID:3484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
21KB

MD5
017975d305729c957b42440bb7cec4be

SHA1
4ecd64ae942d7994b18210b09e72b9a12c6ad7e3

SHA256
6c9f3f5cc1dfabd4377baced6215ed916ebeca530d76f5afebc7b18f3a6a8668

SHA512
216fb759fd6b7c18e738bf2eda55d316713d54a61fe7c925ef7d1dd82381d214a37bee7f3fdc9ca65c74585decf1a23441eddd6278decc9f4a178ae5252473ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
37KB

MD5
6e13703b4b9b3fee9c9679caa6444f08

SHA1
eebd698908234ddf27a333105f645667e2eb7bf4

SHA256
e9c1c07f5fb1e96dc3bad0cbdaeb5503e38382e8e9c838120bb2652940d6baa6

SHA512
873bc00f546d9811befa014c4dd9ccaea032caa559c72674429ace2c1abfd292e2556de69e2db1bcf0641625bdefcf28955905a1d5b65c620fece0df82827179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
37KB

MD5
14c460a1feda08e672355847ea03d569

SHA1
f1e46ac6abd71ebbcdd798455483c560a1980091

SHA256
d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f

SHA512
cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
23KB

MD5
ce3cc830b1e038999dd41be7ae9e1718

SHA1
ebed20a6d1e3b98b2293a90880d6e9bd5a503bf3

SHA256
5bfb0304c3a1d1128796a32c3da1b1d773dbdebecd7947364553b201300b2445

SHA512
74e649b2ebc3c5443feaa548e5f55e403bf99f27a8c5709e0247e89090c53b0d084903d57ac2e69135325ba7d97f9b7d8284df49fb42b28d53dd51b41bd21578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
24KB

MD5
3f78316b5485dea877ff986c00eb6b0d

SHA1
0ce8623b7e34098655883d3674b4265bd73bbb64

SHA256
0ef4b35cafab7842d4aa4eab3e9fb270d8d89011125c08d49c5260c3cc246929

SHA512
1056a68735f58a8b6795f28407fd03e645d2fa09bf6fc73d47f6db09e4ea57704a70094a6b70daeaee4b2c747e648958a1b569bdb489636c7cdd2ce01b2eac12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
17KB

MD5
7d10a6106e8f9e85ae68e310ca2b8433

SHA1
32046f676521ae8b100c0ef88e5e19e1cc49cfe9

SHA256
0c00f8f0acc2ac3079edbb2fcef864743e5ad79da49241f6f28cca83984f7204

SHA512
78bac570118c28fad9bbe3ab261668743ceb81a0229c9bb2267db4228bd9eab1bac1bb07185347cd3fb80a6af62e15e587278a577f215020368399be897864b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
6cde00d4c70f65945125b46ffb494046

SHA1
d86ea8b9520beaa539c88febbaa73c14783106b0

SHA256
ff91dfca2f1749052b460ebc05256cc222dc8ef7408aa515661bffcf65b20f88

SHA512
9a423e5f783c1f08085577fccd454b9be7952636710c95b98b99795b4fd790c3bf1d8bb22fc39288521890d0038ba5e157f57bb7d9ea0e745544c2db5ef6b2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
57KB

MD5
1d9313f850dc7f90dbc817920e650fbe

SHA1
cf05a1ca3e477a5295c6b82cddb21364ef9a8c93

SHA256
bc1c1dc9729b72ca481ca91597830682b83fc30c2637f9c73c762e748583dea7

SHA512
d0033fea8fe30ecba6d09580b20cbeaa0f927c7014ab2b788f6e75580ce58e07eec3e53a74228d22f7f95ab6ced8cfcf63633aa1fb1e969569d8a9708e7474c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
137KB

MD5
e947e95a0fd8df1e8c8eb7cae1f96f09

SHA1
22f36705b4a47f05fae77201e936a5c65cb05bfa

SHA256
14fd0b00467eea3d8b863e4aceb343135fa64e8a3b4098d58765199a9d2062a1

SHA512
24b9a4b0b5ffd6ae11ea6cc76d88da96cd0579254dcd463e1bc5ddd99d9850773ae861594ad053d4d07882d4970267aa3789940a4eba63c0543588cd9b293dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
22KB

MD5
9ec8ba204f6c45d71c998a0ce1dd714e

SHA1
e6790bc2fc03148c9d9cc1b3a91f4c5df3d8295c

SHA256
a4daad6848500cbb261729ecded45a13e2f102d666cff8a0e2bf5991ea5e5c9a

SHA512
d30fe0c1f7589354e7b228a5ca4e522e198c6e7ed30186c54025e991c7dc9a324e1cfd243ed2009aed863c01c3b341ec88bd74aca019e13ad52f8dc2ff3c6ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
18KB

MD5
89bdeced88a6ba47b18847cfc98ba7a9

SHA1
389e2cef8405065fdf23b5ebfaa138280531b62f

SHA256
d69cae7b7288f601fd4b9bc3c0a7471694a76498998959c2d79e45bb81ee1f1c

SHA512
7bcc0e569fa2477e66ec60925fd32c2d25d298a24d074d6228f12c05e4e8ce6a73c024c1d6fb9ff76db7b63d49a7eb442b14493a04180ae97b3bfb22b13396d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
34ef413f08c02bb4aa8590d2f94acc5e

SHA1
ccf6f3558823cb929988a39b25cf147ae4751ea2

SHA256
1532496b27ccb69bed443fe3b2f1438e5c9b6c5ae923cbfb5e17da0fd7413da7

SHA512
f00450b4e3a9750e78f8ffde60aabd1a4d240e21f9d61c0df3250f5fd139293f070d628078cb9c907bbabe8669afc077ab793b58d294646bc45e34fca59dae9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
30b5e7ec0824cdb900ac31112adc04c7

SHA1
b69c1d8a859c4426450ca0c2f8f37aff345c6489

SHA256
258b414fbd075580ba515c372fff4003a9258afa07f8f107f4a9d95578ff90b3

SHA512
7029f5a785e98bde6fb6d0b50c5ed10683d83f2381b5fc7df2d5801d164deeef53dc7fa18c7f93ea796361b15dc5af70641d97c7d2d4291eaa14c0500544bbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
95fae74f84e9808f44dcf02bff98f78a

SHA1
9a84e8278533c91a6484cb9d137a68eb6c227016

SHA256
33ffe28dd475ece136d3cfa3064b94bcd49c59feae48f4a4a5f1b4b834df3d98

SHA512
1b8c9a46dba3c60ae99a7472035d42932d47d097927d9c662435785d668b064c81cc827732686ccfbaff3ca0e1ff6137a344bf6cce2dd5df045187ab6dbb2706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
812B

MD5
c6516482e8155f76879b95cf40dff1b6

SHA1
254f61b9a9bd015bda2bc90fa56eb63e50180567

SHA256
81fd50d81fc9303460d04aaebe4e07d34ef58270f1c9d0d9003932d14e46b0ef

SHA512
6864181d043e90524a003fdd23cb0e39468b4ff38d40e7847d209a4394bb71c843b1466750c216894ada4e07701191ecf2d0e2eed336e17be53e2cceddb53b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31d80bb613021df7f99da1280043abdc

SHA1
ef898b01b5a2171f54983283aa4088b002ba87d8

SHA256
5a517bbd4c4a8e3f160fb8857e07cdf3807c18ae4b4e0ceb719f93c085b7820e

SHA512
767c0a265ebf04c3b977693d7c8ba1d350115985227e173da2dcd1660effcf0050be87bf22f6db07787b2e5c97f2f9aa66c0ea897b8d2f1f20715d013f7fed01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4da61cfac0ededa82cfd1741e3b8ced8

SHA1
b64a7a4cf6a1199a9950892985745b1ab233e187

SHA256
7b8e7ca24046a656a381802434b52ccd818ac8f4ca30720fbdaf73a71a307d67

SHA512
2e5d18c3e97bbf10deb222b1c7a1f64db8e3d2c1b6f33f2971773fc4ab4d86ea0549ab035625b576cafa3264bdfd5941d4b881cd6cb0b23576bdf21338c9cb78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee3bee859b5faeca034e8f73e1f2a2f6

SHA1
dbcb58c2dfe5a515953b2355014b5c8803ada20d

SHA256
f29d2238e325d8699287208213a8da450aefbcb8c86ac4c06df54488adc673e6

SHA512
8b9712c4cab397d4638c569e404292e47bef83054ecc5e291e870e9e060c72f3e3e22f3b7d5f011e68671dc88f221c6902181a856b8bd00ba37b10fc21cf43eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1baca8fd1cde2128755b451d02083b3d

SHA1
ebabf80c3dad1191a0ec0083eaa586de79072fe4

SHA256
8aeee02ecdd92f0a3d2a2966a41cca924163b2d51b5311e50f08f6d50ddc03b0

SHA512
4726fbe5e5b42afedef55d43508cc0cafac9517eccf7dd48cd3e0268edfebe55e9eaef5ecfb18373b69517a9b59a010bf70200333a8cad0c028e376d2a1aaec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b265754a8e870b1725fb3522747beb8

SHA1
867ca94e8beb07053f26b461c1530ad87efb49de

SHA256
74b337eb7eeb05a47047f6622ec8b7f5c8c6f06137c73b4b3bd2fe6cd050b44c

SHA512
27ff998d38cdf69006f2c28fe4da358a8984489c8e77d1c3846ea7b3e905418ed80c83da18bd3efea6445a5c51101d9f11b41bb654a759ba9f789a88c68951f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b28b82d2ace129451dd23c09d71c8e71

SHA1
dcd1f5b056f80faa44c2529ef974460a5a2cd5de

SHA256
a5fac88e1b0508bb6afa379cf3945440a5f6de49e16030362d2fd29e5f1b46e9

SHA512
cfd1449d1be0f4965d8f12e0492f1b77bce29cb8525ee3153a2404ad532f561e71accc0003d891845ea3948226d6da8ca222298612209f62fd02b7c44b79c0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd899cfeeb126a236244b637388a0b74

SHA1
c54a8aeaf18f10e319dfed0a93e759f434b0ceed

SHA256
6ea48af8b9f4c59f05ca7c964075b34594de7b624c0de96fadf00197ab6f60b8

SHA512
d0209b1ebcdce659b9bfb6f4af2e15662d2a1819d08c77f1c70bb017917f1d312c4ec75d6ded055793451c9f0ef580a0aef0db6208b528533f20d3d13ac65640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13e0567ae108a8a72656fac481b26782

SHA1
731036df8a26bb027e23f37733a1f6367a39fada

SHA256
47472a15b86a846f70e1987803bea387c657a9ab0c1c68be5b1945190568fd35

SHA512
eb14f36bb9a818121f40f8d58fffffeff579610bed30242701489d49b46fe5d64b105653640cf5967fb6c30843eafbbd34f2c8464fa293c1e74a94578e45b105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a8fa826171defa2a00cc030f7b2e6022

SHA1
8d9cbe07dbbde4122f973d278aff1a03b51ac598

SHA256
bcd5dbbdbf6fd17b728d8bc1234d36f70a84834c7967d94950b002039310e304

SHA512
0da3b21a45f5e1ed2dabb2c8df4b804ff4be855507086166cba54491bd407a7ed177909dea15969cc08681206dcf9ec31f7d195795e9eef79afebbc6a23a8a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87d7ba5acab338edc411c2a1b29845fd

SHA1
44b5f3f3f14febbf12849c10ed1b415b00ca0860

SHA256
0e6d75f920549f9761a00b81ad99bc20a12e5c8ed18704c061a2b1f8aee29662

SHA512
cf3523e65ea266a597968d3d2ad55ce01ad87a004d6f154e4ce0c134d2b007855793657ab5372bdf2b580d55efe97ac42595438619651bb6024eac6085cddf05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588e7f.TMP

Filesize
1KB

MD5
a8d0c4af227ec8cebfea92da5f7db195

SHA1
5bc6770b48a94359942392469560faba99e5de7c

SHA256
128335d07d9b7ce5c5a33f2357877b7eb7755664a0688f4388f6758b5470bab8

SHA512
14d56323ee7c609852ae77d74fbbc511ef19591ea586bf34ec8216960f970d0dc6907cac04ef189c0cadc50b33508cc4c9dc586ad8a373d25f06c6d6b125b6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
20199046d73e13540a7169cdd3dafc60

SHA1
7cd8f8fbbaa16f31db5e500be247f5983aeb1e5d

SHA256
c3fcca1cf52e55bec19c7af79e9e2f06f8a50d7ba432d771d830efafba682a01

SHA512
dcd86bf54d1a20d2a94d4d9d2a8bb11fa98001e1b819c215dc3da8f911e3e82d5438d6c1341ee3bf7bcbc6eec55b4fde58303e93c66760839b0514a0509f3728

Download Submit